Description

An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.

Remediation

References

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2021-25864 Vulnerability in npm package node-red-contrib-huemagic

CVE-2021-21120 Vulnerability in maven package org.webjars.npm:electron

CVE-2020-26217 Vulnerability in maven package org.jvnet.hudson:xstream

CVE-2014-0014 Vulnerability in npm package ember

CVE-2016-3737 Vulnerability in maven package org.rhq:rhq-enterprise-comm

Severity

Medium

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory Patch Third Party Advisory