PT-2018-7130 · Cloudbees+1 · Jenkins
Robert Pitt
·
Published
2018-05-15
·
Updated
2022-05-13
·
CVE-2017-2603
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Jenkins versions prior to 2.44
Jenkins versions prior to 2.32.2
Description:
The issue concerns a user data leak in disconnected agents' config.xml API, potentially exposing sensitive data such as API tokens.
Recommendations:
For versions prior to 2.44, update to version 2.44 or later.
For versions prior to 2.32.2, update to version 2.32.2 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jenkins