A exposure of sensitive information vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in Plugin.java that allows malicious users to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jenkins jenkins |