Sensitive Information Exposure in Jenkins Plugin Extraction Date and Time
CVE-2018-1999006 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade.
Learn more about our Web Application Penetration Testing UK.