Description
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.
Remediation
References
https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609
http://www.securityfocus.com/bid/95964
Related Vulnerabilities
CVE-2016-10707 Vulnerability in maven package org.webjars:jquery
CVE-2020-28269 Vulnerability in npm package field
CVE-2022-29172 Vulnerability in maven package org.webjars.bower:auth0-lock
CVE-2022-0722 Vulnerability in maven package org.webjars.npm:parse-url
CVE-2016-6812 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http