Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2609)

Description

jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.

Remediation

References

Related Vulnerabilities

MySQL CVE-2014-6463 Vulnerability (CVE-2014-6463)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17302)

Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-8105)

Drupal Core 9.0.x Cross-Site Scripting (9.0.0 - 9.0.11)

Oracle Database Server CVE-2012-1747 Vulnerability (CVE-2012-1747)

Severity

Medium

Classification

CVE-2017-2609 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities