CVE-2017-2609
Description
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.084
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Jenkins-Core 2.32.2 | Windows |
| Multiple vulnerabilities are fixed in Jenkins-Core 2.44 | Windows |
| Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.32.2 | Linux |
| Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.44 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234