CVE-2018-1000169
MEDIUM
Jenkins < 2.105, < 2.107.1, < 2.107.2 - Unauthenticated Sensitive Information Exposure via CLI Command
Title source: llm
Description
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2018-04-11/#SECURITY-754
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHBA-2018:1816
Scores
CVSS v3
5.3
EPSS
0.0019
EPSS Percentile
39.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
jenkins/jenkins
< 2.105
jenkins/jenkins
< 2.107.1
org.jenkins-ci.main/jenkins-core
0 - 2.107.2
Maven
Published
Apr 16, 2018
Tracked Since
Feb 18, 2026