656234 – dev-util/jenkins-bin: Information disclosure vulnerability

Bug 656234 - dev-util/jenkins-bin: Information disclosure vulnerability

Summary: dev-util/jenkins-bin: Information disclosure vulnerability

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~4 [ebuild cve]
Keywords:

Depends on:
Blocks:

Reported:	2018-05-21 13:37 UTC by GLSAMaker/CVETool Bot
Modified:	2018-05-21 16:36 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2018-05-21 13:37:14 UTC

CVE-2018-1000169 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000169):
  An exposure of sensitive information vulnerability exists in Jenkins 2.115
  and older, LTS 2.107.1 and older, in CLICommand.java and
  ViewOptionHandler.java that allows unauthorized attackers to confirm the
  existence of agents or views with an attacker-specified name by sending a
  CLI command to Jenkins.


@Maintainers please let us know when a fixed version is in tree.

Thank you,

Comment 1 Hans de Graaff gentoo-dev

2018-05-21 14:16:24 UTC

There are no vulnerable versions in the tree.

Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev

2018-05-21 16:36:35 UTC

(In reply to Hans de Graaff from comment #1)
> There are no vulnerable versions in the tree.

yes, my bad.

Thanks for pointing it out.