CVE-2023-27904

Generation of Error Message Containing Sensitive Information in maven/org.jenkins-ci.main/jenkins-core

Identifiers

CVE-2023-27904

Package Slug

maven/org.jenkins-ci.main/jenkins-core

Vulnerability

Generation of Error Message Containing Sensitive Information

Description

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

Affected Versions

All versions after 2.375.4 before 2.394

Solution

Upgrade to version 2.394 or above.

Last Modified

2023-03-16

source