Information disclosure in Extended Choice Parameter - CVE-2022-27203

 


Published: March 16, 2022


Vulnerability identifier: #VU61412
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-27203
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Extended Choice Parameter
Software vendor: Jenkins

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can read values from arbitrary JSON and Java properties files on the Jenkins controller.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links