Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 656234

Summary: dev-util/jenkins-bin: Information disclosure vulnerability
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: trivial CC: graaff, patrick
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [ebuild cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2018-05-21 13:37:14 UTC
CVE-2018-1000169 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000169):
  An exposure of sensitive information vulnerability exists in Jenkins 2.115
  and older, LTS 2.107.1 and older, in CLICommand.java and
  ViewOptionHandler.java that allows unauthorized attackers to confirm the
  existence of agents or views with an attacker-specified name by sending a
  CLI command to Jenkins.


@Maintainers please let us know when a fixed version is in tree.

Thank you,
Comment 1 Hans de Graaff gentoo-dev Security 2018-05-21 14:16:24 UTC
There are no vulnerable versions in the tree.
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-05-21 16:36:35 UTC
(In reply to Hans de Graaff from comment #1)
> There are no vulnerable versions in the tree.

yes, my bad.

Thanks for pointing it out.