CVE-2016-3724 — Sensitive Information Exposure in Jenkins

CWE-200 — Sensitive Information Exposure8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 51.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedMay 17

Latest updateMay 14

Description

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDjenkins/jenkins1.649+1

▶NVDredhat/openshift3.1, 3.2+1

🔴Vulnerability Details

GHSA

Jenkins Exposes Sensitive Information from Job Configuration↗2022-05-14

▶

OSV

Jenkins Exposes Sensitive Information from Job Configuration↗2022-05-14

▶

CVEList

CVE-2016-3724: Jenkins before 2↗2016-05-17

▶

📋Vendor Advisories

Red Hat

jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)↗2016-05-11

▶

Jenkins

Jenkins Security Advisory 2016-05-11↗2016-05-11

▶

💬Community

Bugzilla

CVE-2016-3721 CVE-2016-3722 CVE-2016-3723 CVE-2016-3724 CVE-2016-3725 CVE-2016-3726 CVE-2016-3727 jenkins: various flaws [fedora-all]↗2016-05-12

▶

Bugzilla

CVE-2016-3724 jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)↗2016-05-12

▶