CVE-2016-3727

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*

History

No history.

Information

Published : 2016-05-17 14:08

Updated : 2024-02-28 15:21


NVD link : CVE-2016-3727

Mitre link : CVE-2016-3727

CVE.ORG link : CVE-2016-3727


JSON object : View

Products Affected

jenkins

  • jenkins

redhat

  • openshift
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor