CVE-2017-2609

MEDIUM4.3EPSS 0.08%

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

Published: 5/13/2022Modified: 11/8/2023

Description

jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.

Affected packages (1)

Maven/org.jenkins-ci.main:jenkins-corefrom 0, < 2.32.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-2609
PATCHhttps://github.com/jenkinsci/jenkins
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609
WEBhttps://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319
WEBhttp://www.securityfocus.com/bid/95964