CVE-2017-2609
4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | jenkins | jenkins 2.44 | affected |
| [UNKNOWN] | jenkins | jenkins 2.32.2 | affected |
Weaknesses
- CWE-200: CWE-200
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/95964
- https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609
References
- http://www.securityfocus.com/bid/95964
- https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.