2 matches found
CVE-2026-53439
A flaw was found in Jenkins. Missing permission checks allow an attacker with Overall/Read permission to determine other users' configured timezone. This vulnerability also enables the attacker to enumerate the view names of other users' "My Views", leading to information disclosure. Mitigation...
GHSA-8PV9-QH96-9HC6 Jenkins does not perform a permission check in an HTTP endpoint
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access other users' "My Views". Attackers with global View/Configure and View/Delete permissions are also able to change other users' "...