Description

Jenkins is an award-winning application that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

By accessing the endpoint /securityRealm/user/admin/search/index?q= it was possible to enumerate all the Jenkins users.

Remediation

It's recommended to restrict access to this endpoint.

References

Securing Jenkins

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-0813)

WordPress Plugin Caldera Forms-More Than Contact Forms Arbitrary File Disclosure (1.8.1)

WordPress Plugin History Collection Arbitrary File Download (1.1.1)

Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)

nginx range filter integer overflow

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure