CVE-2017-2609

jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-05-22 17:29

Updated : 2024-02-04 19:46


NVD link : CVE-2017-2609

Mitre link : CVE-2017-2609

CVE.ORG link : CVE-2017-2609


JSON object : View

Products Affected

jenkins

  • jenkins
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor