Bug 656234

Summary:	dev-util/jenkins-bin: Information disclosure vulnerability
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	trivial	CC:	graaff, patrick
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	~4 [ebuild cve]
Package list:		Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2018-05-21 13:37:14 UTC

CVE-2018-1000169 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000169):
  An exposure of sensitive information vulnerability exists in Jenkins 2.115
  and older, LTS 2.107.1 and older, in CLICommand.java and
  ViewOptionHandler.java that allows unauthorized attackers to confirm the
  existence of agents or views with an attacker-specified name by sending a
  CLI command to Jenkins.


@Maintainers please let us know when a fixed version is in tree.

Thank you,

Comment 1 Hans de Graaff gentoo-dev

2018-05-21 14:16:24 UTC

There are no vulnerable versions in the tree.

Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev

2018-05-21 16:36:35 UTC

(In reply to Hans de Graaff from comment #1)
> There are no vulnerable versions in the tree.

yes, my bad.

Thanks for pointing it out.