Description
A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2023-21968 Vulnerability (CVE-2023-21968)
WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.7)
WordPress Plugin Easy Redirect Manager Cross-Site Scripting (2.18.18)
WordPress Plugin Wordpress Forms Multiple Vulnerabilities (0.2.7.1)
MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-2334)