CVE-2016-3724 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.652 <2.3 || >=0 <1.651.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00148 (percentile: 0.35962)
Details
Jenkins Exposes Sensitive Information from Job Configuration
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.
Metadata
Created: 2022-05-14T03:57:44Z
Modified: 2025-03-13T19:03:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7vvj-qqvj-h8mc/GHSA-7vvj-qqvj-h8mc.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-7vvj-qqvj-h8mc
Finding: F038
Auto approve: 1