Description

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.

Remediation

References

https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20

Related Vulnerabilities

CVE-2019-8331 Vulnerability in maven package org.fujion.webjars:bootstrap

CVE-2021-21608 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2021-21627 Vulnerability in maven package org.jenkins-ci.plugins:libvirt-slave

CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service

CVE-2021-23445 Vulnerability in npm package datatables.net

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory