Red Hat Bugzilla – Bug 1418713
CVE-2017-2603 jenkins: User data leak in disconnected agents' config.xml API (SECURITY-362)
Last modified: 2018-06-29 18:17:54 EDT
The following flaw was found in Jenkins:
Agents that were disconnected by users contained the disconnecting user's User object in serialized form in the config.xml remote API output. This could leak sensitive data such as API tokens.