Description

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20

https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin

Related Vulnerabilities

CVE-2022-43415 Vulnerability in maven package org.jenkins-ci.plugins:repo

CVE-2020-8203 Vulnerability in maven package org.webjars.npm:lodash

CVE-2019-10414 Vulnerability in maven package de.wellnerbou.jenkins:git-changelog

CVE-2023-31103 Vulnerability in maven package org.apache.inlong:manager-test

CVE-2023-29211 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory