GHSA-7vvj-qqvj-h8mc

Опубликовано: 14 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Jenkins Exposes Sensitive Information from Job Configuration

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.

Ссылки

Пакеты

Наименование

org.jenkins-ci.main:jenkins-core

maven

Затронутые версииВерсия исправления

>= 1.652, < 2.3

2.3

Наименование

org.jenkins-ci.main:jenkins-core

maven

Затронутые версииВерсия исправления

< 1.651.2

1.651.2

EPSS

Процентиль: 51%

0.00279

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2016-3724

Дефекты

CWE-200

Связанные уязвимости

CVE-2016-3724

CVSS3: 6.5

ubuntu

больше 9 лет назад

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.

CVE-2016-3724

redhat

больше 9 лет назад

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.

CVE-2016-3724

CVSS3: 6.5

nvd

больше 9 лет назад

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.

CVE-2016-3724

CVSS3: 6.5

debian

больше 9 лет назад

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated u ...

EPSS

Процентиль: 51%

0.00279

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2016-3724

Дефекты

CWE-200