Note:
This project will be discontinued after December 13, 2021. [more]
2020-01-29
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
| Products | Jenkins |
| Type | Information Exposure (CWE-200) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://access.redhat.com/errata/RHSA-2020:0683
• https://access.redhat.com/errata/RHSA-2020:0681 • https://access.redhat.com/errata/RHBA-2020:0675 • https://access.redhat.com/errata/RHBA-2020:0402 • http://www.openwall.com/lists/oss-security/2020/01/29/1 |