Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1ycmdwLWMydzgtNnZnNs4AAyCG

Information disclosure through error stack traces related to agents

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

Jenkins 2.394, LTS 2.375.4, and LTS 2.387.1 does not display error stack traces when agent connections are broken.

Permalink: https://github.com/advisories/GHSA-rrgp-c2w8-6vg6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ycmdwLWMydzgtNnZnNs4AAyCG
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: 11 months ago


CVSS Score: 3.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-rrgp-c2w8-6vg6, CVE-2023-27904
References: Repository: https://github.com/CVEProject/cvelist
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: >= 2.388, < 2.394, >= 2.376, < 2.387.1, < 2.375.4
Fixed in: 2.394, 2.387.1, 2.375.4