Jenkins Exposes Sensitive Information from Job Configuration

GHSA-7vvj-qqvj-h8mc · CVE-2016-3724

Published May 14, 2022 · Modified Mar 13, 2025

Description

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-3724
WEB https://access.redhat.com/errata/RHSA-2016:1206
PACKAGE https://github.com/jenkinsci/jenkins
WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
WEB https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
WEB http://rhn.redhat.com/errata/RHSA-2016-1773.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes