Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jcHczLXg3Z2YtcDg3Ms4AATSW
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.
Permalink: https://github.com/advisories/GHSA-cpw3-x7gf-p872JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcHczLXg3Z2YtcDg3Ms4AATSW
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-cpw3-x7gf-p872, CVE-2018-1000169
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000169
- https://access.redhat.com/errata/RHBA-2018:1816
- https://jenkins.io/security/advisory/2018-04-11/#SECURITY-754
- https://github.com/jenkinsci/jenkins/commit/69a784bb8d2c5a021d225eda2d392fb081c1169e
- https://github.com/advisories/GHSA-cpw3-x7gf-p872
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: >= 2.108, <= 2.115, <= 2.107.1Fixed in: 2.116, 2.107.2