Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-1773.html
https://access.redhat.com/errata/RHSA-2016:1206
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11