CVE-2017-2609

jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:23

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/95964 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/95964 - Third Party Advisory, VDB Entry
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609 - Issue Tracking, Patch, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609 - Issue Tracking, Patch, Third Party Advisory
References () https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319 - Patch, Third Party Advisory () https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319 - Patch, Third Party Advisory

Information

Published : 2018-05-22 17:29

Updated : 2024-11-21 03:23


NVD link : CVE-2017-2609

Mitre link : CVE-2017-2609

CVE.ORG link : CVE-2017-2609


JSON object : View

Products Affected

jenkins

  • jenkins
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor