Medium severity4.3NVD Advisory· Published May 17, 2016· Updated Jun 17, 2026
CVE-2016-3727
CVE-2016-3727
Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | >= 1.652, < 2.3 | 2.3 |
org.jenkins-ci.main:jenkins-coreMaven | < 1.651.2 | 1.651.2 |
Affected products
5cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*range: <=2.2
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*range: <=1.651.1
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-6cr3-cm5h-8q96ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-3727ghsaADVISORY
- wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11nvdVendor AdvisoryWEB
- www.cloudbees.com/jenkins-security-advisory-2016-05-11nvdVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-1773.htmlnvdWEB
- access.redhat.com/errata/RHSA-2016:1206nvdWEB
- github.com/jenkinsci/jenkins/commit/d66ad6f3ee46a5c6bb865bb831e8cdfc74cd7eb3ghsaWEB
News mentions
0No linked articles in our index yet.