Description
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, and LTS 2.176.1 and earlier, allowed attackers to access view fragments directly, bypassing permission checks and possibly obtaining sensitive information.
Remediation
References
https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534
http://www.openwall.com/lists/oss-security/2019/07/17/2
http://www.securityfocus.com/bid/109373
https://access.redhat.com/errata/RHSA-2019:2503
https://access.redhat.com/errata/RHSA-2019:2548