CVE-2018-1999006 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
Files indicating when a plugin JPI file was last extracted into a subdirectory of plugins/ in the Jenkins home directory were accessible via HTTP by users with Overall/Read permission before Jenkins 2.133. This allowed unauthorized users to determine the likely install date of a given plugin.
Group Package Affected Fixed Severity Status Ticket
AVG-738 jenkins 2.132-1 2.133-1 High Fixed
Date Advisory Group Package Severity Description
21 Jul 2018 ASA-201807-14 AVG-738 jenkins High multiple issues
References
https://jenkins.io/security/advisory/2018-07-18/