WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-2609 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.

Remediation

References

http://www.securityfocus.com/bid/95964

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609

https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319

Related Vulnerabilities

CVE-2022-24901 Vulnerability in npm package parse-server

CVE-2019-10793 Vulnerability in maven package org.webjars.bower:dot-object

CVE-2019-19771 Vulnerability in npm package bitcoimd-rpc

CVE-2023-34610 Vulnerability in maven package com.cedarsoftware:json-io

CVE-2020-7780 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.12

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Third Party Advisory VDB Entry Issue Tracking Patch