Description
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-0599 Vulnerability (CVE-2016-0599)
Moodle Incorrect Default Permissions Vulnerability (CVE-2012-1157)
WordPress Plugin Side Menu Lite-add sticky fixed buttons SQL Injection (2.2.1)
WordPress Plugin Wp Multiple Meta Box SQL Injection (1.0.0)
WebLogic Improper Access Control Vulnerability (CVE-2016-5601)