Assaf Berg

**Name of the Vulnerable Software and Affected Versions** Jenkins versions prior to 2.115 Jenkins LTS versions prior to 2.107.1 **Description** An exposure of sensitive information issue exists that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. This is due to a vulnerability in CLICommand.java and ViewOptionHandler.java. **Recommendations** For Jenkins versions prior to 2.115, update to version 2.115 or later. For Jenkins LTS versions prior to 2.107.1, update to version 2.107.1 or later.