Description
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.
References (2)
Core References
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506
Scores
CVSS v3
5.3
EPSS
0.0035
EPSS Percentile
57.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (4)
jenkins/jenkins
< 2.106
jenkins/jenkins
< 2.89.3
oracle/communications_cloud_native_core_automated_test_suite
1.9.0
org.jenkins-ci.main/jenkins-core
0 - 2.89.4 (Maven)
Published
Feb 16, 2018
Tracked Since
Feb 18, 2026