DirectorySecurity Advisories
Sign In
Security Advisories

CGA-ffq6-2m67-x25c

Published

Last updated

https://images.chainguard.dev/security/CGA-ffq6-2m67-x25c
Package

jenkins

Latest Update
Fixed
Fixed Version

2.395-r0

Aliases
  • CVE-2023-27904
  • GHSA-rrgp-c2w8-6vg6

Severity

3.1

Low

CVSS V3

Summary

Information disclosure through error stack traces related to agents

Description

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

Jenkins 2.394, LTS 2.375.4, and LTS 2.387.1 does not display error stack traces when agent connections are broken.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images