Description
The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.
Remediation
References
https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
Related Vulnerabilities
CVE-2013-6408 Vulnerability in maven package org.apache.solr:solr-core
CVE-2011-2092 Vulnerability in maven package com.adobe.blazeds:flex-messaging-core
CVE-2014-0075 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2022-34169 Vulnerability in maven package xalan:xalan
CVE-2022-22965 Vulnerability in maven package org.springframework.boot:spring-boot-starter-webflux