An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHBA-2018:1816 | |
https://jenkins.io/security/advisory/2018-04-11/#SECURITY-754 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-04-13T21:00:00
Updated: 2019-07-31T02:06:05
Reserved: 2018-04-13T00:00:00
Link: CVE-2018-1000169
JSON object: View
NVD Information
Status : Modified
Published: 2018-04-16T09:58:08.977
Modified: 2019-07-31T03:15:11.420
Link: CVE-2018-1000169
JSON object: View
Redhat Information
No data.
CWE