Description
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.
Remediation
References
https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb
http://www.openwall.com/lists/oss-security/2014/02/21/2
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
Related Vulnerabilities
CVE-2019-13127 Vulnerability in npm package mxgraph
CVE-2023-26136 Vulnerability in maven package org.webjars.npm:tough-cookie
CVE-2016-10735 Vulnerability in maven package org.webjars:bootstrap-sass
CVE-2021-33562 Vulnerability in maven package com.shopizer:shopizer
CVE-2019-15482 Vulnerability in npm package selectize-plugin-a11y