jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)

🗓️ 06 Jun 2016 19:06:23Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

Reading node configurations exposes global system configuration via a vulnerable master interface.

Reporter	Title	Published	Views	Family All 36
CNVD	CloudBees Jenkins CI and Jenkins LTS Information Disclosure Vulnerability (CNVD-2016-03162)	13 May 201600:00	–	cnvd
CVE	CVE-2016-3727	17 May 201614:00	–	cve
Cvelist	CVE-2016-3727	17 May 201614:00	–	cvelist
FreeBSD	jenkins -- multiple vulnerabilities	11 May 201600:00	–	freebsd
EUVD	EUVD-2016-4744	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 24 Update: jenkins-1.651.2-1.fc24	21 May 201620:52	–	fedora
Fedora	[SECURITY] Fedora 23 Update: jenkins-1.625.3-4.fc23	26 May 201621:54	–	fedora
Fedora	[SECURITY] Fedora 22 Update: jenkins-1.609.3-7.fc22	26 May 201622:20	–	fedora
Tenable Nessus	Fedora 23 : jenkins (2016-9ba53cf8a2)	14 Jul 201600:00	–	nessus
Tenable Nessus	Fedora 22 : jenkins (2016-f7e7a6067d)	14 Jul 201600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	any	jenkins	0:1.651.2-1.el7	jenkins-0:1.651.2-1.el7.noarch.rpm
Red Hat Enterprise Linux	7	x86_64	jenkins-plugin-openshift-pipeline	0:1.0.12-1.el7	jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2016-3727
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-3727
wiki	www.wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
cve	www.cve.org/CVERecord

19 Feb 2026 17:40Current

5.9Medium risk

Vulners AI Score5.9

CVSS 24

CVSS 34.3

EPSS0.0009

node configurations global configuration master extended read vulnerable web interface jenkins