4.3

CVE-2016-3727

EPSS 0.1%
Veröffentlicht 17.05.2016 14:08:11
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jenkins ≫ Jenkins Version <= 2.2

Jenkins ≫ Jenkins SwEditionlts Version <= 1.651.1

Redhat ≫ Openshift Version3.1 SwEditionenterprise

Redhat ≫ Openshift Version3.2 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.283

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://rhn.redhat.com/errata/RHSA-2016-1773.html

https://access.redhat.com/errata/RHSA-2016:1206

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

Vendor Advisory

https://www.cloudbees.com/jenkins-security-advisory-2016-05-11

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-3727

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-3727

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-3727

EUVD