Описание
A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Enterprise 3 | jenkins | Affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1576706jenkins: CLI and UI allow non-admin users to enumerate installed plugins (SECURITY-771)
4.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 4.3
nvd
больше 7 лет назад
A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins.
CVSS3: 4.3
github
больше 3 лет назад
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
4.3 Medium
CVSS3