PT-2023-21410 · Jenkins · Jenkins

Published 2023-03-08 · Updated 2025-02-28 · CVE-2023-27904

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins versions 2.393 and earlier
Jenkins LTS versions 2.375.3 and earlier

Description

When an agent connection is broken, an error stack trace is printed on agent-related pages. The stack trace potentially reveals information about Jenkins configuration that is otherwise inaccessible to attackers.

Recommendations

For Jenkins versions 2.393 and earlier, update to version 2.394 or later to resolve the issue.
For Jenkins LTS versions 2.375.3 and earlier, update to version 2.375.4 or later, or to version 2.387.1 or later, to resolve the issue.

Related Identifiers

BIT-JENKINS-2023-27904
CVE-2023-27904
GHSA-RRGP-C2W8-6VG6
RHSA-2023:1655
RHSA-2023:3195
RHSA-2023:3198
RHSA-2023:3299
RHSA-2023:3622
RHSA-2023:3663
RHSA-2023:6171
RHSA-2023:6172
RHSA-2024:0775
RHSA-2024:0778

Affected Products

Jenkins