Sensitive Information Exposure in Jenkins Plugin Extraction Date and Time

Sensitive Information Exposure in Jenkins Plugin Extraction Date and Time

CVE-2018-1999006 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade.

Learn more about our Web Application Penetration Testing UK.