{
  "threat_severity" : "Low",
  "public_date" : "2023-03-10T00:00:00Z",
  "bugzilla" : {
    "description" : "Jenkins: Information disclosure through error stack traces related to agents",
    "id" : "2177634",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-200",
  "details" : [ "Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.", "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers." ],
  "statement" : "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of ELS support; hence, the OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
  "affected_release" : [ {
    "product_name" : "OCP-Tools-4.12-RHEL-8",
    "release_date" : "2023-05-18T00:00:00Z",
    "advisory" : "RHSA-2023:3195",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.12::el8",
    "package" : "jenkins-0:2.387.1.1683009767-3.el8"
  }, {
    "product_name" : "OCP-Tools-4.12-RHEL-8",
    "release_date" : "2023-10-30T00:00:00Z",
    "advisory" : "RHSA-2023:6172",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.12::el8",
    "package" : "jenkins-0:2.414.3.1698293911-3.el8"
  }, {
    "product_name" : "OCP-Tools-4.12-RHEL-8",
    "release_date" : "2024-02-12T00:00:00Z",
    "advisory" : "RHSA-2024:0778",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.12::el8",
    "package" : "jenkins-0:2.426.3.1706515686-3.el8"
  }, {
    "product_name" : "OCP-Tools-4.13-RHEL-8",
    "release_date" : "2023-05-24T00:00:00Z",
    "advisory" : "RHSA-2023:3299",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.13::el8",
    "package" : "jenkins-0:2.387.3.1684911776-3.el8"
  }, {
    "product_name" : "OCP-Tools-4.13-RHEL-8",
    "release_date" : "2023-06-15T00:00:00Z",
    "advisory" : "RHSA-2023:3622",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.13::el8",
    "package" : "jenkins-0:2.401.1.1686680404-3.el8"
  }, {
    "product_name" : "OpenShift Developer Tools and Services for OCP 4.11",
    "release_date" : "2023-05-17T00:00:00Z",
    "advisory" : "RHSA-2023:3198",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.11::el8",
    "package" : "jenkins-0:2.387.1.1683009763-3.el8"
  }, {
    "product_name" : "OpenShift Developer Tools and Services for OCP 4.11",
    "release_date" : "2023-06-19T00:00:00Z",
    "advisory" : "RHSA-2023:3663",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.11::el8",
    "package" : "jenkins-0:2.401.1.1686831596-3.el8"
  }, {
    "product_name" : "OpenShift Developer Tools and Services for OCP 4.11",
    "release_date" : "2023-10-30T00:00:00Z",
    "advisory" : "RHSA-2023:6171",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.11::el8",
    "package" : "jenkins-0:2.414.3.1698298955-3.el8"
  }, {
    "product_name" : "OpenShift Developer Tools and Services for OCP 4.11",
    "release_date" : "2024-02-12T00:00:00Z",
    "advisory" : "RHSA-2024:0775",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.11::el8",
    "package" : "jenkins-0:2.426.3.1706516929-3.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.10",
    "release_date" : "2023-04-12T00:00:00Z",
    "advisory" : "RHSA-2023:1655",
    "cpe" : "cpe:/a:redhat:openshift:4.10::el8",
    "package" : "jenkins-0:2.387.1.1680701869-1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "fix_state" : "Out of support scope",
    "package_name" : "jenkins",
    "cpe" : "cpe:/a:redhat:openshift:3.11"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-27904\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-27904\nhttps://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120" ],
  "name" : "CVE-2023-27904",
  "csaw" : false
}