Description

The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2016-0489.html

https://access.redhat.com/errata/RHSA-2016:0070

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Related Vulnerabilities

CVE-2018-1000067 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2013-1966 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2021-23343 Vulnerability in npm package path-parse

CVE-2023-24998 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2017-12649 Vulnerability in maven package com.liferay:com.liferay.asset.browser.web

Severity

Critical

Classification

CWE-200

Tags

Third Party Advisory Vendor Advisory