CVE-2023-27904

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
jenkinsCNA
---
---
CVEADP
---
---
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
jenkinsjenkins
𝑥
< 2.375.4
jenkinsjenkins
𝑥
< 2.394
𝑥
= Vulnerable software versions
References
https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120