CVE-2018-1000169

Severity: Medium

Description

An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.

References

https://jenkins.io/security/advisory/2018-04-11/#SECURITY-754

https://access.redhat.com/errata/RHBA-2018:1816

Details

Source: Mitre, NVD

Published: 2018-04-16

Updated: 2019-07-31

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium