Description

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.

Remediation

References

CVE-2016-3727

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Multi Vendor Security Bypass (3.4.0)

WordPress Plugin WPFront Notification Bar Cross-Site Scripting (1.9.1.04012)

WordPress Plugin Notices Ticker Cross-Site Request Forgery (5.0)

WordPress Plugin Flickr Justified Gallery Cross-Site Scripting (3.3.6)

Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4472)

Severity

Medium

Classification

CVE-2016-3727 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities