dashboard leaks user/employee data due to asynchPeople people Enabled.
Due to the publicly exposed
Jenkins Dashboard I was able to see user/employee data also project data.source code etc etc
Steps to Reproduce :
1) Go to "
https://azure-build.debian.net/asynchPeople/ " (Your company owned)
2) You can see the large list of employee/user data and user id.
Impact:
Sensitive Data Leak publicly
The access also included some source code disclosure