Описание
Jenkins Exposes Sensitive Information via API URL
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-3727
- https://github.com/jenkinsci/jenkins/commit/d66ad6f3ee46a5c6bb865bb831e8cdfc74cd7eb3
- https://access.redhat.com/errata/RHSA-2016:1206
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
- https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
- http://rhn.redhat.com/errata/RHSA-2016-1773.html
Пакеты
org.jenkins-ci.main:jenkins-core
>= 1.652, < 2.3
2.3
org.jenkins-ci.main:jenkins-core
< 1.651.2
1.651.2
Связанные уязвимости
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS be ...