Description
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-0489.html
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
Related Vulnerabilities
CVE-2011-3375 Vulnerability in maven package org.apache.tomcat:coyote
CVE-2023-31066 Vulnerability in maven package org.apache.inlong:manager-service
CVE-2023-43643 Vulnerability in maven package org.owasp.antisamy:antisamy
CVE-2023-37952 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration
CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap