Description
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
Remediation
References
https://www.jenkins.io/security/advisory/2021-03-18/#SECURITY-2041
http://www.openwall.com/lists/oss-security/2021/03/18/5
Related Vulnerabilities
CVE-2021-21697 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-30331 Vulnerability in maven package com.ibeetl:beetl
CVE-2023-33939 Vulnerability in maven package com.liferay:com.liferay.portal.search.web
CVE-2023-28682 Vulnerability in maven package org.jenkins-ci.plugins:perfpublisher