CVE-2023-27904
Aliases: GHSA-rrgp-c2w8-6vg6, BIT-jenkins-2023-27904
Advisory lineage Upstream: 0 Downstream: 10
Modified
Published: 08 Mar 2023, 17:14
Last modified: 28 Feb 2025, 18:52
Vulnerability Summary
- Overall Risk (default): low, 21/100
- CVSS Score: 5.3 MEDIUM, v3.1 (cve.org)
- EPSS Score: 0.5% LOW (0% probability +0.30%)
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 08 Mar 2023, 17:14: Published. Vulnerability first disclosed.
- 28 Feb 2025, 18:52: Last Modified. Vulnerability information updated.
Description
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
CVSS Metrics
- v3.1 • MEDIUM • Score: 5.3 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- v3.1 • LOW • Score: 3.1 • CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Trends
Current EPSS score: 0.50% • Percentile: 66%
Affected Systems
- Unknown • Jenkins: < 2.375.4 | < 2.394
- org.jenkins-ci.main • jenkins-core: ≥ 2.376, < 2.387.1 | < 2.375.4 | ≥ 2.388, < 2.394