PT-2018-7130 · Cloudbees+1 · Jenkins
Robert Pitt
·
Publicado
2018-05-15
·
Atualizado
2022-05-13
·
CVE-2017-2603
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Jenkins versions prior to 2.44
Jenkins versions prior to 2.32.2
Description:
The issue concerns a user data leak in disconnected agents' config.xml API, potentially exposing sensitive data such as API tokens.
Recommendations:
For versions prior to 2.44, update to version 2.44 or later.
For versions prior to 2.32.2, update to version 2.32.2 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Jenkins