Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1000169 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.

Remediation

References

https://access.redhat.com/errata/RHBA-2018:1816

https://jenkins.io/security/advisory/2018-04-11/#SECURITY-754

Related Vulnerabilities

CVE-2022-36944 Vulnerability in maven package org.scala-lang:scala-library

CVE-2023-2196 Vulnerability in maven package org.jenkins-ci.plugins:codedx

CVE-2021-21120 Vulnerability in maven package org.webjars.npm:electron

CVE-2019-10401 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-31419 Vulnerability in maven package org.elasticsearch:elasticsearch

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory