CVE-2016-3723 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <2.3
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00046 (percentile: 0.13442)
Details
Exposure of Sensitive Information in Jenkins Core

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.
Metadata
Created: 2022-05-14T03:57:45Z
Modified: 2022-11-02T00:41:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8572-5jrg-mx52/GHSA-8572-5jrg-mx52.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-8572-5jrg-mx52
Finding: F038
Auto approve: 1