Description

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.

Remediation

References

CVE-2016-3727

Related Vulnerabilities

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2014-0118)

WordPress Plugin ARMember-Content Restriction & Membership Security Bypass (1.4)

Joomla Improper Privilege Management Vulnerability (CVE-2018-17855)

WordPress Plugin Leaflet Maps Marker Pro (Google Maps, OpenStreetMap, Bing Maps) Multiple Cross-Site Scripting Vulnerabilities (2.3)

Dotclear Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-1613)

Severity

Medium

Classification

CVE-2016-3727 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities