Description
A missing permission check in Jenkins TurboScript Plugin 1.3 and earlier allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository.
Remediation
References
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2851
http://www.openwall.com/lists/oss-security/2023/04/13/3
Related Vulnerabilities
CVE-2017-5662 Vulnerability in maven package batik:batik-dom
CVE-2017-7957 Vulnerability in maven package org.hudsonci.tools:xstream
CVE-2023-24444 Vulnerability in maven package org.jenkins-ci.plugins:openid
CVE-2022-25869 Vulnerability in maven package org.webjars.npm:angular
CVE-2016-3674 Vulnerability in maven package org.jbehave:jbehave-core