CVE-2023-27904

EUVD-2023-1101
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
jenkinsjenkins
𝑥
< 2.375.4
jenkinsjenkins
𝑥
< 2.394
𝑥
= Vulnerable software versions
References
https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120