Description
A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1155)
Jboss EAP CVE-2022-2764 Vulnerability (CVE-2022-2764)
Apache Tomcat Configuration Vulnerability (CVE-2010-4312)
WordPress Plugin Active Directory Integration SQL Injection (1.1.8)
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-14340)