Cloudbees · Jenkins · CVE-2017-1000395
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions 2.73.1 and earlier, 2.83 and earlier
**Description**
The issue exposes information about Jenkins user accounts, including email addresses if the Mailer Plugin is installed, via the "user/(username)/api" remote API endpoint. This information is available to anyone with Overall/Read permission. In fixed versions, the API endpoint only includes basic user information, such as user ID and name, unless the requesting user is a Jenkins administrator.
**Recommendations**
For Jenkins versions 2.73.1 and earlier, 2.83 and earlier, update to a version that restricts access to user information via the remote API, ensuring that only basic user details are accessible to non-administrative users.
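To confirm the update took effect, the response the endpoint returns to a non-administrator account with Overall/Read can be checked for extended user properties. The Python below is an added example, not part of the advisory or of Jenkins; the JSON layout (a top-level `property` array tagged by `_class`), the field names and both sample responses are assumptions constructed for illustration.

```python
import json

# Constructed sample bodies (not captured from a real server). Assumed layout:
# per-user plugin data sits in a top-level "property" array tagged by "_class".
SAMPLE_BEFORE = json.dumps({
    "_class": "hudson.model.User",
    "id": "alice",
    "fullName": "Alice Example",
    "property": [
        {"_class": "jenkins.security.ApiTokenProperty"},
        {"_class": "hudson.tasks.Mailer$UserProperty",
         "address": "alice@example.invalid"},
    ],
})
SAMPLE_AFTER = json.dumps({
    "_class": "hudson.model.User",
    "id": "alice",
    "fullName": "Alice Example",
    "property": [],
})

EMPTY = (None, "", [], {})

def exposed_details(body):
    """List extended user-property fields that carry data in one response body."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("expected a JSON object for a user record")
    findings = []
    for entry in doc.get("property") or []:
        if not isinstance(entry, dict):
            continue
        cls = entry.get("_class", "<unknown>")
        for field, value in entry.items():
            # A bare "_class" marker carries no account data; skip it.
            if field != "_class" and value not in EMPTY:
                findings.append(f"property[{cls}].{field}")
    return sorted(findings)

def restricted(body):
    """True when a non-administrator's response carries no extended data."""
    return not exposed_details(body)

if __name__ == "__main__":
    for name, body in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, "restricted" if restricted(body) else exposed_details(body))
```

Run it against the body returned to a test account that has only Overall/Read; any finding means that account still receives more than basic user details.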