CVE-2017-1000395
CVSS v3.0
4.3 (Medium)
CVSS v2.0
4 (Medium)
EPSS
0.08 % (34th)
Affected Products
1
Advisories
1
Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote API now no longer includes information beyond the most basic (user ID and name) unless the user requesting it is a Jenkins administrator.
Weaknesses
- CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2018-01-26 02:29:00
(6 years ago) - Updated Date
-
2019-05-08 22:24:23
(5 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...