Description
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-736
Related Vulnerabilities
CVE-2019-12418 Vulnerability in maven package org.apache.tomcat:tomcat-catalina-jmx-remote
CVE-2020-8823 Vulnerability in npm package sockjs
CVE-2020-1729 Vulnerability in maven package io.smallrye.config:smallrye-config
CVE-2017-7957 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2023-32007 Vulnerability in maven package org.apache.spark:spark-core_2.12