CVE-2023-27904

Published: 10 Mar 2023
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.

Report

OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins | Out of support scope | | |
| OCP-Tools-4.12-RHEL-8 | jenkins | Fixed | RHSA-2023:3195 | 18.05.2023 |
| OCP-Tools-4.12-RHEL-8 | jenkins | Fixed | RHSA-2023:6172 | 30.10.2023 |
| OCP-Tools-4.12-RHEL-8 | jenkins | Fixed | RHSA-2024:0778 | 12.02.2024 |
| OCP-Tools-4.13-RHEL-8 | jenkins | Fixed | RHSA-2023:3299 | 24.05.2023 |
| OCP-Tools-4.13-RHEL-8 | jenkins | Fixed | RHSA-2023:3622 | 15.06.2023 |
| OpenShift Developer Tools and Services for OCP 4.11 | jenkins | Fixed | RHSA-2023:3198 | 17.05.2023 |
| OpenShift Developer Tools and Services for OCP 4.11 | jenkins | Fixed | RHSA-2023:3663 | 19.06.2023 |
| OpenShift Developer Tools and Services for OCP 4.11 | jenkins | Fixed | RHSA-2023:6171 | 30.10.2023 |
| OpenShift Developer Tools and Services for OCP 4.11 | jenkins | Fixed | RHSA-2024:0775 | 12.02.2024 |

Additional information

Status: Low
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2177634 Jenkins: Information disclosure through error stack traces related to agents

EPSS: 0.00368 (percentile: 58%, Low)

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 5.3
nvd
almost 3 years ago

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

CVSS3: 5.3
debian
almost 3 years ago

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error sta ...

CVSS3: 3.1
github
almost 3 years ago

Information disclosure through error stack traces related to agents