Description
Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.
Remediation
References
https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1998
http://www.openwall.com/lists/oss-security/2020/09/16/3
Related Vulnerabilities
CVE-2010-1157 Vulnerability in maven package tomcat:catalina
CVE-2022-36091 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2021-3827 Vulnerability in maven package org.keycloak:keycloak-saml-core
CVE-2018-1999005 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-49382 Vulnerability in maven package com.jfinal:jfinal