CVE-2016-3727
Jenkins Exposes Sensitive Information via API URL
Severity: 4.3 MEDIUM (CVSS 3.1)
EPSS: 0.09%
Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
How to fix CVE-2016-3727
To remediate CVE-2016-3727, upgrade the affected package to a fixed version below.
- Upgrade to 2.3 or later
Is CVE-2016-3727 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.652, < 2.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |