Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Remediation
Upgrade Jenkins to 2.3 or later, or Jenkins LTS to 1.651.2 or later.
References
http://rhn.redhat.com/errata/RHSA-2016-1773.html
https://access.redhat.com/errata/RHSA-2016:1206
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
Related Vulnerabilities
CVE-2023-29509 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-theme-ui
CVE-2022-4361 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2010-2273 Vulnerability in npm package dojo
CVE-2012-0022 Vulnerability in maven package org.apache.tomcat:tomcat-util
CVE-2021-20334 Vulnerability in npm package mongodb-js-metrics