Description
Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.
Remediation
References
https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2004
http://www.openwall.com/lists/oss-security/2020/09/23/1
Related Vulnerabilities
CVE-2020-2157 Vulnerability in maven package org.jenkins-ci.plugins:skytap
CVE-2023-35145 Vulnerability in maven package org.jenkins-ci.plugins:sonargraph-integration
CVE-2023-24453 Vulnerability in maven package org.jenkins-ci.plugins:testquality-updater
CVE-2011-3375 Vulnerability in maven package org.apache.tomcat:coyote
CVE-2015-6524 Vulnerability in maven package org.apache.activemq:activemq-osgi