Description
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older, in ReverseProxySecurityRealm#authContext, that allows attackers with local file system access to obtain a list of authorities for logged-in users.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-736
Related Vulnerabilities
CVE-2021-45456 Vulnerability in maven package org.apache.kylin:kylin-server-base
CVE-2023-36470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-ui
CVE-2023-29512 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2019-3772 Vulnerability in maven package org.springframework.integration:spring-integration-xml
CVE-2023-25764 Vulnerability in maven package org.jenkins-ci.plugins:email-ext