Jenkins user enumeration

Description
  • Jenkins is an award-winning application that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

    By accessing the endpoint /securityRealm/user/admin/search/index?q= it was possible to enumerate all the Jenkins users.
Remediation
  • It's recommended to restrict access to this endpoint.
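
To check whether the restriction is effective and to spot enumeration attempts, the following added example (not part of the original advisory) scans access-log lines for requests to the endpoint above and reports which clients received a successful response. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Endpoint path from the description; any user name is matched, and a context
# path in front of it (for example a Jenkins served under /jenkins) is allowed.
ENDPOINT = re.compile(r"/securityRealm/user/[^/]+/search/index$")

# Assumed input: common/combined access-log format from a reverse proxy.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)

def user_search_requests(lines):
    """Summarise requests to the user search endpoint per client address."""
    summary = defaultdict(lambda: {"requests": 0, "answered": 0, "queries": set()})
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parsable access-log entry
        url = urlsplit(m["target"])
        if not ENDPOINT.search(url.path):
            continue  # some other Jenkins URL
        entry = summary[m["client"]]
        entry["requests"] += 1
        # A 2xx status means the endpoint returned results to this client.
        if m["status"].startswith("2"):
            entry["answered"] += 1
        # keep_blank_values records the empty q= shown in the description.
        queries = parse_qs(url.query, keep_blank_values=True).get("q", [])
        entry["queries"].update(queries)
    return dict(summary)

def exposed_clients(summary):
    """Clients that got at least one successful answer from the endpoint."""
    return sorted(c for c, e in summary.items() if e["answered"])

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /securityRealm/user/admin/search/index?q= HTTP/1.1" 200 512',
    '192.0.2.10 - - [12/Mar/2024:10:01:03 +0000] "GET /securityRealm/user/admin/search/index?q=a HTTP/1.1" 200 498',
    '198.51.100.7 - - [12/Mar/2024:10:05:40 +0000] "GET /jenkins/securityRealm/user/admin/search/index?q= HTTP/1.1" 403 210',
    '203.0.113.5 - - [12/Mar/2024:10:06:00 +0000] "GET /job/build-app/lastBuild/ HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for client in exposed_clients(user_search_requests(SAMPLE_LOG)):
        print("endpoint answered for", client)
```

After the restriction is in place, requests to the endpoint should no longer show up with a 2xx status for clients that are not meant to reach it.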