Description
The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.
Remediation
References
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin
Related Vulnerabilities
CVE-2022-25167 Vulnerability in maven package org.apache.flume:flume-parent
CVE-2019-10397 Vulnerability in maven package org.jenkins-ci.plugins:aqua-serverless
CVE-2018-1999038 Vulnerability in maven package org.jenkins-ci.plugins:publish-over-cifs
CVE-2022-45935 Vulnerability in maven package org.apache.james:apache-james-mailbox-store
CVE-2017-7676 Vulnerability in maven package org.apache.ranger:ranger