CVE-2018-1000169

Опубликовано: 11 апр. 2018

Источник: redhat

CVSS3: 3.7

EPSS Низкий

Описание

An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-209

https://bugzilla.redhat.com/show_bug.cgi?id=1566947jenkins: CLI leaked existence of views and agents with attacker-specified names to users without Overall/Read permission (SECURITY-754)

EPSS

Процентиль: 40%

0.00185

Низкий

3.7 Low

CVSS3

Связанные уязвимости

CVE-2018-1000169

CVSS3: 5.3

nvd

почти 8 лет назад

CVE-2018-1000169

CVSS3: 5.3

debian

почти 8 лет назад

An exposure of sensitive information vulnerability exists in Jenkins 2 ...

GHSA-cpw3-x7gf-p872

CVSS3: 5.3

github

больше 3 лет назад

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

EPSS

Процентиль: 40%

0.00185

Низкий

3.7 Low

CVSS3