Description
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, and LTS 2.176.1 and earlier, allowed attackers to access view fragments directly, bypassing permission checks and possibly obtaining sensitive information.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/07/17/2
http://www.securityfocus.com/bid/109373
https://access.redhat.com/errata/RHSA-2019:2503
https://access.redhat.com/errata/RHSA-2019:2548
https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534