CVE-2018-1999006 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Information disclosure |
| Description | Files indicating when a plugin JPI file was last extracted into a subdirectory of plugins/ in the Jenkins home directory were accessible via HTTP by users with Overall/Read permission before Jenkins 2.133. This allowed unauthorized users to determine the likely install date of a given plugin. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-738 | jenkins | 2.132-1 | 2.133-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 21 Jul 2018 | ASA-201807-14 | AVG-738 | jenkins | High | multiple issues |
| References |
|---|
https://jenkins.io/security/advisory/2018-07-18/ |