CVE-2017-2609

Summary

jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]jenkinsjenkins 2.44affected
[UNKNOWN]jenkinsjenkins 2.32.2affected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

References