Description

jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.

Remediation

References

CVE-2017-2609

Related Vulnerabilities

WordPress Plugin Simple Giveaways-Grow your business, email lists and traffic with contests Security Bypass (2.17.3)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4400)

WordPress Plugin MailPoet Newsletters (Previous) Multiple Vulnerabilities (2.7.2)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0700)

SharePoint Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-5059)

Severity

Medium

Classification

CVE-2017-2609 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities