CVE-2017-2609

MEDIUM4.3EPSS 0.08%

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

發布日:2022/5/13修改日:2023/11/8

描述

jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.

受影響套件(1)

Maven/org.jenkins-ci.main:jenkins-corefrom 0, < 2.32.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-2609
PATCHhttps://github.com/jenkinsci/jenkins
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609
WEBhttps://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319
WEBhttp://www.securityfocus.com/bid/95964