Описание
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users. Reverse Proxy Auth Plugin 1.6.0 and newer no longer store the cache of granted authorities on disk.
Пакеты
org.jenkins-ci.plugins:reverse-proxy-auth-plugin
<= 1.5
1.6.0
Связанные уязвимости
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.