CVE-2016-3727: Infoleak
First published: Thu May 12 2016(Updated: )
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/Jenkins | <2.3 | 2.3 |
| redhat/Jenkins | <1.651.2 | 1.651.2 |
| Jenkins Jenkins | <=2.2 | |
| Jenkins Jenkins | <=1.651.1 | |
| Redhat Openshift | =3.1 | |
| Redhat Openshift | =3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2016-1773.html
- https://access.redhat.com/errata/RHSA-2016:1206
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
- https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1335427
- https://rhn.redhat.com/errata/RHSA-2016-1773.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1335422
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-3727
- agent/software-canonical-lookup
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/jenkins
- canonical/jenkins jenkins
- version/jenkins jenkins/2.2
- version/jenkins jenkins/1.651.1
- vendor/redhat
- canonical/redhat openshift
- version/redhat openshift/3.1
- version/redhat openshift/3.2