Low severityNVD Advisory· Published Mar 8, 2023· Updated Feb 28, 2025
CVE-2023-27904
CVE-2023-27904
Description
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | >= 2.376, < 2.387.1 | 2.387.1 |
org.jenkins-ci.main:jenkins-coreMaven | < 2.375.4 | 2.375.4 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.388, < 2.394 | 2.394 |
Affected products
9- osv-coords8 versionspkg:apk/chainguard/jenkinspkg:apk/chainguard/jenkins-compatpkg:apk/chainguard/jenkins-remotingpkg:apk/wolfi/jenkinspkg:apk/wolfi/jenkins-compatpkg:apk/wolfi/jenkins-remotingpkg:bitnami/jenkinspkg:maven/org.jenkins-ci.main/jenkins-core
< 2.395-r0+ 7 more
- (no CPE)range: < 2.395-r0
- (no CPE)range: < 2.395-r0
- (no CPE)range: < 2.395-r0
- (no CPE)range: < 2.395-r0
- (no CPE)range: < 2.395-r0
- (no CPE)range: < 2.395-r0
- (no CPE)range: < 2.394.0
- (no CPE)range: >= 2.376, < 2.387.1
- Range: 2.394
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-rrgp-c2w8-6vg6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-27904ghsaADVISORY
- www.jenkins.io/security/advisory/2023-03-08/ghsavendor-advisoryWEB
- github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.jsonghsaWEB
- github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92ccghsaWEB
News mentions
1- Jenkins Security Advisory 2023-03-08Jenkins Security Advisories · Mar 8, 2023