Description
A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade.
Remediation
References
Related Vulnerabilities
WordPress Plugin Zedity:The Easiest Way To Create Posts & Pages Cross-Site Scripting (2.5.0)
Atlassian Jira Other Vulnerability (CVE-2007-6618)
WordPress Plugin Podlove Podcast Publisher Multiple Cross-Site Scripting Vulnerabilities (2.1.0)
WordPress Plugin WP Favorite Posts Cross-Site Scripting (1.6.5)
WordPress Plugin Like Button Rating-LikeBtn Server-Side Request Forgery (2.6.31)