CVE-2018-1000169

Published: Apr 16, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.

Affected (2)

Products: Jenkins: Jenkins

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 2.105
Jenkins Jenkins	Up to 2.107.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://access.redhat.com/errata/RHBA-2018:1816

Source: cve@mitre.org

https://jenkins.io/security/advisory/2018-04-11/#SECURITY-754

Source: cve@mitre.org

Vendor Advisory

https://access.redhat.com/errata/RHBA-2018:1816

Source: af854a3a-2127-422b-91ae-364da2661108

https://jenkins.io/security/advisory/2018-04-11/#SECURITY-754

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.