CVE-2016-3727 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.652 <2.3 || >=0 <1.651.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00063 (percentile: 0.19889)
Details
Jenkins Exposes Sensitive Information via API URL
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Metadata
Created: 2022-05-14T03:57:43Z
Modified: 2025-03-13T17:56:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6cr3-cm5h-8q96/GHSA-6cr3-cm5h-8q96.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-6cr3-cm5h-8q96
Finding: F038
Auto approve: 1