Description
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.
Remediation
References