jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.

Affected Packages

Maven org.jenkins-ci.main:jenkins-core

Affected versions: 0 (fixed in 2.32.2)

Maven org.jenkins-ci.main:jenkins-core

Affected versions: 2.34 (fixed in 2.44)

Related CVEs

CVE-2017-2609

Key Information

GHSA ID

GHSA-v222-w2mw-xjc6

Published

May 13, 2022 1:36 AM

Last Modified

July 1, 2022 5:41 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.main:jenkins-core

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.