CVE-2018-1999046

Published: Aug 23, 2018Modified: Nov 21, 2024

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent.

Affected (2)

Products: Jenkins: Jenkins

Jenkins

1 product

Jenkins

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 2.137
Jenkins Jenkins	Up to 2.121.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://jenkins.io/security/advisory/2018-08-15/#SECURITY-1071

Source: cve@mitre.org

Vendor Advisory

https://jenkins.io/security/advisory/2018-08-15/#SECURITY-1071

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.