Jenkins Reverse Proxy Auth Plugin 1.5 and older: Sensitive Information Exposure Vulnerability

Jenkins Reverse Proxy Auth Plugin 1.5 and older: Sensitive Information Exposure Vulnerability

CVE-2018-1000150 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.

Learn more about our User Device Pen Test.