1. Home
  2. Vulnerabilities
  3. CVE-2017-2609

CVE-2017-2609

CVSS v3.0 4.3 (Medium)
43% Progress
CVSS v2.0 4 (Medium)
40% Progress
EPSS 0.07 % (32th)
0.07% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2018-05-22 17:29:00
(6 years ago)
Updated Date
2019-10-09 23:26:55
(5 years ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins prior 2.32.2 version cpe:2.3:a:jenkins:jenkins::*:*:*:lts < 2.32.2
  Jenkins prior 2.44 version cpe:2.3:a:jenkins:jenkins < 2.44