← back
CVE-2016-3727

CVE-2016-3727

EPSS 2.2%
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://rhn.redhat.com/errata/RHSA-2016-1773.htmlhttps://access.redhat.com/errata/RHSA-2016:1206https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11https://www.cloudbees.com/jenkins-security-advisory-2016-05-11