Description

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.

Remediation

References

https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20

Related Vulnerabilities

CVE-2010-2103 Vulnerability in maven package org.apache.axis2:axis2

CVE-2023-24437 Vulnerability in maven package org.jenkins-ci.plugins:jira-steps

CVE-2018-1199 Vulnerability in maven package org.springframework.security:spring-security-config

CVE-2023-33946 Vulnerability in maven package com.liferay.portal:release.portal.bom

CVE-2022-43410 Vulnerability in maven package org.jenkins-ci.plugins:mercurial

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory