Description
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.
Remediation
References
http://www.securityfocus.com/bid/95964
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609
https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319
Related Vulnerabilities
CVE-2018-25061 Vulnerability in npm package rgb2hex
CVE-2018-6873 Vulnerability in npm package auth0-js
CVE-2023-25762 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-build-step
CVE-2017-2604 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-14042 Vulnerability in maven package org.fujion.webjars:bootstrap