Description

Jenkins is an award-winning application that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

By accessing the endpoint /asynchPeople it was possible to get list of the Jenkins users.

Remediation

It's recommended to restrict access to this endpoint.

References

Securing Jenkins

Related Vulnerabilities

WordPress Plugin Stop User Enumeration Security Bypass (1.3.18)

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Information Disclosure (2.2.5.1)

WordPress Plugin Wholesale Market Arbitrary File Download (2.2.0)

WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-3664)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure