CVE-2016-3723 — Sensitive Information Exposure in Jenkins

CWE-200 — Sensitive Information Exposure8 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 78.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedMay 17

Latest updateMay 14

Description

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDjenkins/jenkins2.2+1

▶NVDredhat/openshift3.1, 3.2+1

🔴Vulnerability Details

GHSA

Exposure of Sensitive Information in Jenkins Core↗2022-05-14

▶

OSV

Exposure of Sensitive Information in Jenkins Core↗2022-05-14

▶

CVEList

CVE-2016-3723: Jenkins before 2↗2016-05-17

▶

📋Vendor Advisories

Red Hat

jenkins: Information on installed plugins exposed via API (SECURITY-250)↗2016-05-11

▶

Jenkins

Jenkins Security Advisory 2016-05-11↗2016-05-11

▶

💬Community

Bugzilla

CVE-2016-3723 jenkins: Information on installed plugins exposed via API (SECURITY-250)↗2016-05-12

▶

Bugzilla

CVE-2016-3721 CVE-2016-3722 CVE-2016-3723 CVE-2016-3724 CVE-2016-3725 CVE-2016-3726 CVE-2016-3727 jenkins: various flaws [fedora-all]↗2016-05-12

▶