Description
A sensitive information exposure vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older, in ReverseProxySecurityRealm#authContext, that allows attackers with local file system access to obtain a list of authorities for logged-in users.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-736
Related Vulnerabilities
CVE-2014-8114 Vulnerability in maven package org.uberfire:uberfire-server
CVE-2014-0109 Vulnerability in maven package org.apache.cxf:cxf-bundle-jaxrs
CVE-2021-3424 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2022-33682 Vulnerability in maven package org.apache.pulsar:pulsar-broker
CVE-2023-37964 Vulnerability in maven package org.jenkins-ci.plugins:elasticbox