Description
Jenkins is an award-winning application that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
By accessing the endpoint /asynchPeople, it was possible to get a list of the Jenkins users.
Remediation
It's recommended to restrict access to this endpoint.
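To confirm the restriction on a Jenkins instance you administer, the following added example (not part of the original advisory) requests /asynchPeople without credentials and classifies the response. The mapping of status codes to verdicts and the host name jenkins.example.internal are assumptions made for illustration.

```python
import sys
import urllib.error
import urllib.request

ENDPOINT = "asynchPeople/"  # endpoint named in the description above


def endpoint_url(base_url):
    """Build the endpoint URL, keeping any context path such as /ci."""
    return base_url.rstrip("/") + "/" + ENDPOINT


def classify(status, location=""):
    """Map an unauthenticated response to a verdict (assumed mapping)."""
    if status == 200:
        return "exposed"        # content served without a session
    if status in (401, 403):
        return "restricted"     # access denied to anonymous callers
    if status in (301, 302, 303, 307, 308):
        # Only a redirect to a login page counts as restricted.
        return "restricted" if "login" in location.lower() else "inconclusive"
    return "inconclusive"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so the first answer is judged."""

    def redirect_request(self, *args, **kwargs):
        return None


def check(base_url, timeout=10):
    """Send one anonymous GET and return the verdict string."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(endpoint_url(base_url), timeout=timeout) as resp:
            return classify(resp.status, resp.headers.get("Location", ""))
    except urllib.error.HTTPError as err:
        # 3xx (not followed), 401 and 403 all arrive here.
        return classify(err.code, err.headers.get("Location", "") or "")


if __name__ == "__main__":
    # Placeholder host; pass the base URL of your own instance instead.
    base = sys.argv[1] if len(sys.argv) > 1 else "https://jenkins.example.internal"
    verdict = check(base)
    print(f"{endpoint_url(base)}: {verdict}")
    sys.exit(1 if verdict == "exposed" else 0)
```

The non-zero exit status on "exposed" lets the check run as a scheduled job or pipeline gate after the access restriction is applied.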