CVE-2023-27904

Summary

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins2.394 < *unaffected
Jenkins ProjectJenkins2.375.4 < 2.375.*unaffected
Jenkins ProjectJenkins2.387.1 < 2.387.*unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References