GHSA-8572-5jrg-mx52

Source

https://github.com/advisories/GHSA-8572-5jrg-mx52

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8572-5jrg-mx52/GHSA-8572-5jrg-mx52.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-8572-5jrg-mx52

Aliases

CVE-2016-3723

Published

2022-05-14T03:57:45Z

Modified

2023-11-01T04:46:56.116047Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Exposure of Sensitive Information in Jenkins Core

Details

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2016-05-17T14:08:00Z",
    "severity": "MODERATE",
    "github_reviewed_at": "2022-11-02T00:41:25Z"
}

References

Affected packages

Maven / org.jenkins-ci.main:jenkins-core

Package

Name: org.jenkins-ci.main:jenkins-core; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/jenkins-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8572-5jrg-mx52/GHSA-8572-5jrg-mx52.json"