Description
Jenkins is an award-winning application that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
By accessing the endpoint /asynchPeople, it was possible to get a list of the Jenkins users.
Remediation
It's recommended to restrict access to this endpoint.
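One way to confirm from access logs whether /asynchPeople is still being served or is now denied (an added example, not part of the original advisory). It assumes a reverse proxy or Jenkins access log in combined log format; the sample lines, addresses and the `scan` function are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /asynchPeople/ HTTP/1.1" 200 18342 "-" "curl/8.4.0"
203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "GET /jenkins/asynchPeople?x=1 HTTP/1.1" 200 9120 "-" "curl/8.4.0"
198.51.100.23 - - [12/Mar/2024:10:04:40 +0000] "GET /asynchPeople/ HTTP/1.1" 403 793 "-" "Mozilla/5.0"
192.0.2.10 - alice [12/Mar/2024:10:06:11 +0000] "GET /job/build-app/ HTTP/1.1" 200 5021 "-" "Mozilla/5.0"
192.0.2.10 - alice [12/Mar/2024:10:06:30 +0000] "GET /asynchPeopleExtra HTTP/1.1" 404 310 "-" "Mozilla/5.0"
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Match the endpoint as a whole path segment, with or without a context
# prefix such as /jenkins, so /asynchPeopleExtra is not counted.
ENDPOINT_RE = re.compile(r'(?:^|/)asynchPeople(?:/|$)')


def scan(log_text):
    """Return (served, denied) Counters keyed by (client_ip, logged_user).

    served: 2xx responses, i.e. the user list was returned.
    denied: 401/403 responses, i.e. the restriction is working.
    A logged_user of "-" means the log recorded no authenticated user
    (assumption: the logging tier knows about authentication at all).
    """
    served, denied = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m["target"].split("?", 1)[0]  # ignore the query string
        if not ENDPOINT_RE.search(path):
            continue
        status = int(m["status"])
        key = (m["ip"], m["user"])
        if 200 <= status < 300:
            served[key] += 1
        elif status in (401, 403):
            denied[key] += 1
    return served, denied


if __name__ == "__main__":
    served, denied = scan(SAMPLE_LOG)
    for (ip, user), n in served.items():
        print(f"SERVED  {ip} user={user} hits={n}")
    for (ip, user), n in denied.items():
        print(f"DENIED  {ip} user={user} hits={n}")
```

After access is restricted, entries for unauthenticated clients should appear only under DENIED.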