GHSA-6cr3-cm5h-8q96

GitHub Security Advisory

Jenkins Exposes Sensitive Information via API URL

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.

Affected Packages

Maven org.jenkins-ci.main:jenkins-core
Affected versions: 1.652 (fixed in 2.3)
Maven org.jenkins-ci.main:jenkins-core
Affected versions: 0 (fixed in 1.651.2)

Key Information

GHSA ID: GHSA-6cr3-cm5h-8q96
Published: May 14, 2022 3:57 AM
Last Modified: March 13, 2025 5:56 PM
CVSS Score: 5.0 / 10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.main:jenkins-core
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.