First published: Fri Jan 26 2018(Updated: )
The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only lists upstream and downstream projects that the current user has access to.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Jenkins | <=2.73.1 | |
Jenkins Jenkins | <=2.83 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.