Upstream information
Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 4 |
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
| National Vulnerability Database | |
|---|---|
| Base Score | 4.3 |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | Low |
| Integrity Impact | None |
| Availability Impact | None |
| CVSSv3 Version | 3 |
SUSE Timeline for this CVE
CVE page created: Thu May 12 01:16:13 2016CVE page last modified: Fri Jun 30 11:30:09 2023