VYPR
Medium severity4.3NVD Advisory· Published Jul 23, 2018· Updated Jun 17, 2026

CVE-2018-1999006

CVE-2018-1999006

Description

A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.main:jenkins-coreMaven
< 2.121.22.121.2
org.jenkins-ci.main:jenkins-coreMaven
>= 2.122, < 2.1322.132

Affected products

1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.