Описание
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Enterprise 1 | jenkins | Affected | ||
| Red Hat OpenShift Enterprise 2.1 | jenkins | Fixed | RHBA-2014:1630 | 14.10.2014 |
| Red Hat OpenShift Enterprise 2.1 | jenkins-plugin-openshift | Fixed | RHBA-2014:1630 | 14.10.2014 |
| Red Hat OpenShift Enterprise 2.1 | openshift-origin-cartridge-jenkins | Fixed | RHBA-2014:1630 | 14.10.2014 |
| Red Hat OpenShift Enterprise 3.1 | atomic-openshift | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | heapster | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | jenkins | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-align-text | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-ansi-green | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-ansi-wrap | Fixed | RHSA-2016:0070 | 26.01.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent ...
Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
EPSS
5 Medium
CVSS2