Jenkins versions before 2.44 and 2.32.2 are vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of views in its suggestions, including those to which the current user does not have access.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/95964 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609 | Issue Tracking Patch Third Party Advisory |
https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-05-22T17:00:00
Updated: 2018-05-23T09:57:01
Reserved: 2016-12-01T00:00:00
Link: CVE-2017-2609
NVD Information
Status: Modified
Published: 2018-05-22T17:29:00.330
Modified: 2019-10-09T23:26:55.913
Link: CVE-2017-2609
Redhat Information
No data.
CWE