Cloudbees · Jenkins · CVE-2016-3723
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions prior to 2.3
Jenkins LTS versions prior to 1.651.2
**Description**
The issue allows remote authenticated users with read access to obtain sensitive plugin installation information. This is achieved by leveraging missing permissions checks in XML/JSON API endpoints.
**Recommendations**
For Jenkins versions prior to 2.3, update to version 2.3 or later.
For Jenkins LTS versions prior to 1.651.2, update to version 1.651.2 or later.