Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3727)

Description

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.

Remediation

References

Related Vulnerabilities

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-7060)

Jenkins Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-27901)

WordPress Plugin External Links-nofollow, noopener & new window Cross-Site Scripting (2.55)

Elgg Exposure of Private Personal Information to an Unauthorized Actor Vulnerability (CVE-2021-3980)

Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.9)

Severity

Medium

Classification

CVE-2016-3727 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities