Description

Jenkins is an award-winning application that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

By accessing the endpoint /securityRealm/user/admin/search/index?q=, it was possible to enumerate all Jenkins users.

Remediation

It's recommended to restrict access to this endpoint.
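
To check whether the endpoint is still reachable and being queried, the following added example (not part of the original advisory) scans web access logs for clients that received successful responses from the user-search endpoint with several distinct q values. The combined log format, the threshold, the optional context-path prefix and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Endpoint from the advisory. The user segment ("admin" on the page) is matched
# generically and a context-path prefix is allowed; both are assumptions.
SEARCH_PATH = re.compile(r"/securityRealm/user/[^/]+/search/index$")
# Assumed format: Apache/nginx "combined" access log.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_enumeration(lines, min_distinct=3):
    """Return {client_ip: sorted distinct q values} for clients that got
    HTTP 200 from the user-search endpoint for >= min_distinct different q."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["status"] != "200":
            continue  # unparsable line, or the request was already denied
        url = urlsplit(m["target"])
        if not SEARCH_PATH.search(url.path):
            continue
        q = parse_qs(url.query, keep_blank_values=True).get("q", [""])[0]
        seen[m["ip"]].add(q)
    return {ip: sorted(qs) for ip, qs in seen.items() if len(qs) >= min_distinct}

# Constructed sample log lines (documentation IP ranges, not real traffic).
_TS = "[10/Mar/2024:10:00:00 +0000]"
_EP = "/securityRealm/user/admin/search/index"
SAMPLE_LOG = [
    f'192.0.2.10 - - {_TS} "GET {_EP}?q=a HTTP/1.1" 200 512 "-" "-"',
    f'192.0.2.10 - - {_TS} "GET {_EP}?q=b HTTP/1.1" 200 498 "-" "-"',
    f'192.0.2.10 - - {_TS} "GET /jenkins{_EP}?q=c HTTP/1.1" 200 530 "-" "-"',
    f'192.0.2.10 - - {_TS} "GET {_EP}?q=a HTTP/1.1" 200 512 "-" "-"',
    f'198.51.100.7 - - {_TS} "GET {_EP}?q=build HTTP/1.1" 200 301 "-" "-"',
    f'198.51.100.7 - - {_TS} "GET /job/app/ HTTP/1.1" 200 9000 "-" "-"',
    # Same pattern, but access is restricted, so the responses are 403.
    f'203.0.113.5 - - {_TS} "GET {_EP}?q=a HTTP/1.1" 403 120 "-" "-"',
    f'203.0.113.5 - - {_TS} "GET {_EP}?q=b HTTP/1.1" 403 120 "-" "-"',
    f'203.0.113.5 - - {_TS} "GET {_EP}?q=c HTTP/1.1" 403 120 "-" "-"',
]

if __name__ == "__main__":
    for ip, terms in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(terms)} distinct search terms: {terms}")
```

Once access to the endpoint is restricted, the same requests should appear in the log with a denial status and no longer be reported.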
