Description

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.

Remediation

References

https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150

Related Vulnerabilities

CVE-2017-15697 Vulnerability in maven package org.apache.nifi:nifi-jetty

CVE-2023-24998 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2015-0250 Vulnerability in maven package batik:batik-dom

CVE-2018-16474 Vulnerability in npm package tianma-static

CVE-2015-5348 Vulnerability in maven package org.apache.camel:camel-http-common

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory