CVE-2023-27904

LOW3.1EPSS 0.50%

Information disclosure through error stack traces related to agents

發布日:2023/3/10修改日:2026/2/4

描述

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. Jenkins 2.394, LTS 2.375.4, and LTS 2.387.1 does not display error stack traces when agent connections are broken.

受影響套件(2)

Bitnami/jenkinsfrom 0, < 2.394.0
Maven/org.jenkins-ci.main:jenkins-core>= 2.376, < 2.387.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	LOW3.1	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-27904
WEBhttps://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
WEBhttps://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
WEBhttps://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120