VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-6925-fwf4-f7df

Essentials
Severities (25)
References (18)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6925-fwf4-f7df
Aliases	CVE-2023-27904 GHSA-rrgp-c2w8-6vg6
Summary	Generation of Error Message Containing Sensitive Information Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
Status	Published
Exploitability	0.5
Weighted Severity	4.8
Risk	2.4
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-209	Generation of Error Message Containing Sensitive Information
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27904.json
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2023-27904
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-rrgp-c2w8-6vg6
cvssv3.1	3.1	https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
generic_textual	LOW	https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
cvssv3.1	3.1	https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
generic_textual	LOW	https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
cvssv3.1	3.1	https://nvd.nist.gov/vuln/detail/CVE-2023-27904
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2023-27904
cvssv3.1	3.1	https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
cvssv3.1	5.3	https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
generic_textual	LOW	https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
ssvc	Track	https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27904.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-27904
		https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
		https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
		https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
2177634		https://bugzilla.redhat.com/show_bug.cgi?id=2177634
CVE-2023-27904		https://nvd.nist.gov/vuln/detail/CVE-2023-27904
GHSA-rrgp-c2w8-6vg6		https://github.com/advisories/GHSA-rrgp-c2w8-6vg6
RHSA-2023:1655		https://access.redhat.com/errata/RHSA-2023:1655
RHSA-2023:3195		https://access.redhat.com/errata/RHSA-2023:3195
RHSA-2023:3198		https://access.redhat.com/errata/RHSA-2023:3198
RHSA-2023:3299		https://access.redhat.com/errata/RHSA-2023:3299
RHSA-2023:3622		https://access.redhat.com/errata/RHSA-2023:3622
RHSA-2023:3663		https://access.redhat.com/errata/RHSA-2023:3663
RHSA-2023:6171		https://access.redhat.com/errata/RHSA-2023:6171
RHSA-2023:6172		https://access.redhat.com/errata/RHSA-2023:6172
RHSA-2024:0775		https://access.redhat.com/errata/RHSA-2024:0775
RHSA-2024:0778		https://access.redhat.com/errata/RHSA-2024:0778

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27904.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-27904

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:51:08Z/ Found at https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120

Exploit Prediction Scoring System (EPSS)

Percentile	0.65723
EPSS Score	0.00495
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:51:00.433593+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2023-27904.yml	38.0.0