CVE-2016-3727
MEDIUM4.3EPSS 0.09%Jenkins Exposes Sensitive Information via API URL
Published: 5/14/2022Modified: 3/13/2025
Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Affected packages (1)
- Maven/org.jenkins-ci.main:jenkins-core>= 1.652, < 2.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-3727
- PATCHhttps://github.com/jenkinsci/jenkins
- WEBhttp://rhn.redhat.com/errata/RHSA-2016-1773.html
- WEBhttps://access.redhat.com/errata/RHSA-2016:1206
- WEBhttps://github.com/jenkinsci/jenkins/commit/d66ad6f3ee46a5c6bb865bb831e8cdfc74cd7eb3
- WEBhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
- WEBhttps://www.cloudbees.com/jenkins-security-advisory-2016-05-11