Information disclosure through error stack traces related to agents

GHSA-rrgp-c2w8-6vg6 · BIT-jenkins-2023-27904 · CVE-2023-27904

Published Mar 10, 2023 · Modified Feb 4, 2026

Description

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

Jenkins 2.394, LTS 2.375.4, and LTS 2.387.1 does not display error stack traces when agent connections are broken.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-27904
WEB https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
WEB https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
WEB https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes