Description

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.

Remediation

References

https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20

Related Vulnerabilities

CVE-2013-6408 Vulnerability in maven package org.apache.solr:solr-core

CVE-2011-2092 Vulnerability in maven package com.adobe.blazeds:flex-messaging-core

CVE-2014-0075 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2022-34169 Vulnerability in maven package xalan:xalan

CVE-2022-22965 Vulnerability in maven package org.springframework.boot:spring-boot-starter-webflux

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory