Описание
Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.335 (включая) до 2.355 (включая)
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.04136
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 7.5
redhat
больше 3 лет назад
Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view.
CVSS3: 7.5
debian
больше 3 лет назад
Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some ...
EPSS
Процентиль: 88%
0.04136
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-Other