Description

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20

https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin

Related Vulnerabilities

CVE-2020-2295 Vulnerability in maven package org.jkva.maven-plugins:cascading-release-maven-plugin

CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-dao

CVE-2020-5410 Vulnerability in maven package org.springframework.cloud:spring-cloud-config-server

CVE-2020-9482 Vulnerability in maven package org.apache.nifi.registry:nifi-registry-core

CVE-2019-7614 Vulnerability in maven package org.elasticsearch:elasticsearch

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory