Description
Jenkins is an award-winning application that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
By accessing the endpoint /asynchPeople, it was possible to get a list of the Jenkins users.
Remediation
It's recommended to restrict access to this endpoint.
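After restricting access, the change can be verified with an unauthenticated request from a host that holds no Jenkins credentials. The script below is an added example, not part of the original advisory or of Jenkins; the names `classify` and `check` are hypothetical, and treating a redirect to a login path or a page containing the `j_password` form field as a denial is an assumption about how the instance responds to anonymous users.

```python
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

ENDPOINT = "asynchPeople/"  # the endpoint named in this advisory


def classify(status, location="", body=""):
    """Map an unauthenticated response to a remediation verdict."""
    if status in (401, 403):
        return "restricted"
    if status in (301, 302, 303, 307, 308):
        # Assumption: anonymous users without read access are sent to a login page.
        path = urlparse(location).path.lower()
        return "restricted" if "login" in path else "inconclusive"
    if status == 404:
        return "absent"
    if status == 200:
        # A login form served with 200 is still a denial (assumed field name).
        return "restricted" if 'name="j_password"' in body else "exposed"
    return "inconclusive"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx as an HTTPError instead of following it


def check(base_url, timeout=10):
    """Request the endpoint with no credentials and return the verdict."""
    opener = urllib.request.build_opener(_NoRedirect)
    url = urljoin(base_url.rstrip("/") + "/", ENDPOINT)
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return classify(resp.status, body=body)
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers.get("Location", ""))


if __name__ == "__main__":
    verdict = check(sys.argv[1])  # base URL of your own Jenkins instance
    print(verdict)
    sys.exit(1 if verdict == "exposed" else 0)
```

The non-zero exit code on `exposed` lets the check run as a scheduled job or pipeline step that fails if the endpoint becomes anonymously readable again.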