CVE-2018-1000150

CWE-200 — Information Exposure5 documents5 sources

Severity

3.3LOW

EPSS

0.0%

top 99.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Reverse Proxy Auth

Timeline

PublishedApr 5

Latest updateMay 14

Description

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶Mavenorg.jenkins-ci.plugins:reverse-proxy-auth-plugin< 1.6.0

▶NVDjenkins/reverse_proxy_auth1.5

🔴Vulnerability Details

OSV

Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users↗2022-05-14

▶

GHSA

Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users↗2022-05-14

▶

CVEList

CVE-2018-1000150: An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1↗2018-04-05

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2018-03-26↗2018-03-26

▶