CVE-2023-27904

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

Published: Mar 10, 2023
Updated: May 10, 2024
CVE: CVE-2023-27904
GHSA: GHSA-rrgp-c2w8-6vg6
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
jenkins / jenkins	-	2.394
jenkins / jenkins	-	2.375.4
org.jenkins-ci.main / jenkins-core	-	2.375.4
org.jenkins-ci.main / jenkins-core	2.376	2.387.1
org.jenkins-ci.main / jenkins-core	2.388	2.394

https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120

Vulnerability Database

CVE-2023-27904

Deep Security Visibility Without the Complexity