Описание
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Enterprise 1 | jenkins | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | jenkins | Affected | ||
| Red Hat OpenShift Enterprise 3.1 | atomic-openshift | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | heapster | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | jenkins | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-align-text | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-ansi-green | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-ansi-wrap | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-anymatch | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-array-unique | Fixed | RHSA-2016:0070 | 26.01.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticate ...
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
EPSS
5 Medium
CVSS2