Description
Jenkins is an award-winning application that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
By accessing the endpoint /securityRealm/user/admin/search/index?q=, it was possible to enumerate all the Jenkins users: the search responds with the usernames matching the supplied q value.
Remediation
It's recommended to restrict access to this endpoint.
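As an added example that is not part of the original advisory, the following Python check scans reverse-proxy access-log lines for bursts of requests to the user-search endpoint named above, which is one way to spot the enumeration behaviour the description refers to. It assumes combined log format and a threshold of five distinct queries from one client; the log lines are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# The user-search endpoint from the advisory. The user segment is whatever the
# client supplied, so it is not anchored to "admin".
SEARCH_PATH = re.compile(r"^/securityRealm/user/[^/]+/search/index$")

# Minimal parser for combined-log-format lines (assumed reverse-proxy format).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_search_requests(lines):
    """Yield (client_ip, status, q) for every request to the search endpoint."""
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a well-formed access-log line
        parts = urlsplit(m.group("target"))
        if not SEARCH_PATH.match(parts.path):
            continue
        q = parse_qs(parts.query).get("q", [""])[0]
        yield m.group("ip"), int(m.group("status")), q

def find_enumeration(lines, threshold=5):
    """Map client IP -> sorted distinct q values for sources that received
    HTTP 200 from the endpoint with at least `threshold` distinct queries.
    Denied requests (e.g. 403 once access is restricted) are not counted."""
    hits = defaultdict(set)
    for ip, status, q in parse_search_requests(lines):
        if status == 200:
            hits[ip].add(q)
    return {ip: sorted(qs) for ip, qs in hits.items() if len(qs) >= threshold}

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /job/build/ HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /securityRealm/user/admin/search/index?q=x HTTP/1.1" 200 300',
    '203.0.113.2 - - [01/Jan/2024:10:00:03 +0000] "GET /securityRealm/user/admin/search/index?q=a HTTP/1.1" 403 120',
] + [
    f'198.51.100.7 - - [01/Jan/2024:10:00:{10 + i:02d} +0000] '
    f'"GET /securityRealm/user/admin/search/index?q={c} HTTP/1.1" 200 340'
    for i, c in enumerate("abcde")
]

if __name__ == "__main__":
    for ip, queries in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(queries)} distinct search queries {queries}")
```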