CVE-2017-2609

MEDIUM

Jenkins < 2.44 and < 2.32.2 - Unauthorized Information Disclosure via Search Suggestions

Title source: llm

Description

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of views in its suggestions, including views that the current user does not have access to.

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95964
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609

Scores

CVSS v3 4.3
EPSS 0.0008
EPSS Percentile 24.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (3)
jenkins/jenkins < 2.32.2
jenkins/jenkins < 2.44
org.jenkins-ci.main/jenkins-core 0 - 2.32.2 (Maven)
Published May 22, 2018
Tracked Since Feb 18, 2026