CVE-2017-2609: Information Exposure

May 22, 2018 (updated October 9, 2019)

Jenkins is vulnerable to an information disclosure vulnerability in search suggestions. The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.

References

www.securityfocus.com/bid/95964
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609
nvd.nist.gov/vuln/detail/CVE-2017-2609

Code Behaviors & Features

Detect and mitigate CVE-2017-2609 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →