PT-2018-9339 · Cloudbees+1 · Jenkins

Assaf Berg · Published 2018-04-13 · Updated 2022-05-14 · CVE-2018-1000169

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins versions prior to 2.115
Jenkins LTS versions prior to 2.107.1

Description

An exposure of sensitive information issue exists that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. This is due to a vulnerability in CLICommand.java and ViewOptionHandler.java.

Recommendations

For Jenkins versions prior to 2.115, update to version 2.115 or later.
For Jenkins LTS versions prior to 2.107.1, update to version 2.107.1 or later.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-1000169
GHSA-CPW3-X7GF-P872

Affected Products

Jenkins