CVE-2017-2606: Information Exposure
(updated )
Jenkins is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible. This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction
.
References
Detect and mitigate CVE-2017-2606 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →