Description
A sensitive information exposure vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older, in ReverseProxySecurityRealm#authContext, that allows attackers with local file system access to obtain a list of authorities for logged-in users.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-736