CVE-2016-3727
MEDIUMJenkins <2.3, <1.651.2 - Info Disclosure
Title source: llmDescription
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
References (4)
Scores
CVSS v3
4.3
EPSS
0.0009
EPSS Percentile
25.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Classification
CWE
CWE-200
Status
draft
Affected Products (5)
jenkins/jenkins
< 2.2
jenkins/jenkins
< 1.651.1
redhat/openshift
redhat/openshift
org.jenkins-ci.main/jenkins-core
< 2.3Maven
Timeline
Published
May 17, 2016
Tracked Since
Feb 18, 2026