Description

An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.

Remediation

References

CVE-2018-1000169

Related Vulnerabilities

WordPress Plugin WP-FaceThumb Cross-Site Scripting (1.0)

OpenSSL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2010-5298)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4780)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-10803)

WordPress Plugin Mini Mail Dashboard Widget 'abspath' Parameter Remote File Include (1.36)

Severity

Medium

Classification

CVE-2018-1000169 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities