Description
A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
Remediation
References
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3206
http://www.openwall.com/lists/oss-security/2023/12/13/4