Description

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.

Remediation

References

https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20

Related Vulnerabilities

CVE-2019-12421 Vulnerability in maven package org.apache.nifi:nifi-administration

CVE-2020-9480 Vulnerability in maven package org.apache.spark:spark-network-common_2.11

CVE-2021-21611 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2011-2093 Vulnerability in maven package com.adobe.blazeds:blazeds-common

CVE-2012-3546 Vulnerability in maven package org.apache.tomcat:catalina

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory