Cloudbees · Jenkins · CVE-2017-2606
Name of the Vulnerable Software and Affected Versions:
Jenkins versions prior to 2.44
Jenkins versions prior to 2.32.2
Description:
The issue is related to an information exposure in the internal API, allowing access to item names that should not be visible. This affects anonymous users who were able to get a list of items via an UnprotectedRootAction. Other users have legitimate access to this information.
Recommendations:
For versions prior to 2.44, update to version 2.44 or later.
For versions prior to 2.32.2, update to version 2.32.2 or later.