Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-x55p-6526-xmmp

GitHub Security Advisory

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

✓ GitHub Reviewed LOW Has CVE
View on GitHub

Advisory Details

Jenkins before versions 2.44 and 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).

Affected Packages

Maven org.jenkins-ci.main:jenkins-core
Affected versions: 0 (fixed in 2.32.2)
Maven org.jenkins-ci.main:jenkins-core
Affected versions: 2.34 (fixed in 2.44)

Related CVEs

CVE-2017-2603

Key Information

GHSA ID
GHSA-x55p-6526-xmmp
Published
May 13, 2022 1:36 AM
Last Modified
July 1, 2022 5:49 PM
CVSS Score
2.5 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.main:jenkins-core
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.