Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 656234 - dev-util/jenkins-bin: Information disclosure vulnerability
Summary: dev-util/jenkins-bin: Information disclosure vulnerability
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [ebuild cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-05-21 13:37 UTC by GLSAMaker/CVETool Bot
Modified: 2018-05-21 16:36 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-05-21 13:37:14 UTC
CVE-2018-1000169 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000169):
  An exposure of sensitive information vulnerability exists in Jenkins 2.115
  and older, LTS 2.107.1 and older, in CLICommand.java and
  ViewOptionHandler.java that allows unauthorized attackers to confirm the
  existence of agents or views with an attacker-specified name by sending a
  CLI command to Jenkins.


@Maintainers please let us know when a fixed version is in tree.

Thank you,
Comment 1 Hans de Graaff gentoo-dev Security 2018-05-21 14:16:24 UTC
There are no vulnerable versions in the tree.
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-05-21 16:36:35 UTC
(In reply to Hans de Graaff from comment #1)
> There are no vulnerable versions in the tree.

yes, my bad.

Thanks for pointing it out.