CVE-2016-3723

CVSS v3.0 4.3 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.15 % (52^th)

Affected Products 2

Advisories 5

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2016-05-17 14:08:07
(8 years ago)
Updated Date: 2018-01-05 02:30:43
(6 years ago)

Affected Products

Jenkins

Jenkins

Redhat

Openshift

Configuration #1

		CPE23	From	Up To
	Jenkins 2.2 and prior versions	cpe:2.3:a:jenkins:jenkins		<= 2.2

Configuration #2

		CPE23	From	Up To
	Jenkins 1.651.1 and prior versions	cpe:2.3:a:jenkins:jenkins::::*:lts		<= 1.651.1

Configuration #3

		CPE23	From	Up To
	Redhat Openshift 3.1	cpe:2.3:a:redhat:openshift:3.1:::*:enterprise
	Redhat Openshift 3.2	cpe:2.3:a:redhat:openshift:3.2:::*:enterprise