Home

CVE-2018-1999006

Description

A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.161

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Jenkins 2.132Windows
Multiple vulnerabilities are fixed in Jenkins-Core 2.121.2Windows
Multiple vulnerabilities are fixed in Jenkins-Core 2.132Windows
Multiple vulnerabilities affected in Jenkins 2.132 (For Ubuntu)Linux
Multiple vulnerabilities affected in Jenkins 2.132 (For Debian)Linux
Multiple vulnerabilities affected in Jenkins 2.132 (For Centos)Linux
Multiple vulnerabilities affected in Jenkins 2.132 (For RedHat)Linux
Multiple vulnerabilities affected in Jenkins 2.132 (For Suse)Linux
Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.121.2Linux
Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.132Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234