jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/95964 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609 | Issue Tracking Patch Third Party Advisory |
https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2018-05-22 17:29
Updated : 2024-02-04 19:46
NVD link : CVE-2017-2609
Mitre link : CVE-2017-2609
CVE.ORG link : CVE-2017-2609
JSON object : View
Products Affected
jenkins
- jenkins
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor