Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-1773.html
https://access.redhat.com/errata/RHSA-2016:1206
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
Related Vulnerabilities
CVE-2021-31411 Vulnerability in maven package com.vaadin:flow-server
CVE-2023-37951 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration
CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_sjs1_2.13
CVE-2022-46751 Vulnerability in maven package org.apache.ivy:ivy