PT-2018-9339 · Cloudbees+1 · Jenkins
Assaf Berg · Published 2018-04-13 · Updated 2022-05-14 · CVE-2018-1000169
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins versions prior to 2.115
Jenkins LTS versions prior to 2.107.1
Description
An exposure of sensitive information issue exists that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. This is due to a vulnerability in CLICommand.java and ViewOptionHandler.java.
Recommendations
For Jenkins versions prior to 2.115, update to version 2.115 or later.
For Jenkins LTS versions prior to 2.107.1, update to version 2.107.1 or later.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins