Description

A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade.

Remediation

References

CVE-2018-1999006

Related Vulnerabilities

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6817)

Apache HTTP Server DEPRECATED: Code Vulnerability (CVE-2015-3183)

WordPress Plugin Visual Email Designer for WooCommerce SQL Injection (1.7.1)

WordPress Plugin AdRotate-Ad manager & AdSense Ads 'adrotate-out.php' SQL Injection (3.6.6)

WordPress 2.0.5 Charset Decoding SQL Injection Vulnerability (0.6.2 - 2.0.5)

Severity

Medium

Classification

CVE-2018-1999006 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities