Description
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
Remediation
References
Related Vulnerabilities
Drupal Other Vulnerability (CVE-2005-2106)
WordPress 2.0.9 Multiple Vulnerabilities (2.0 - 2.0.9)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3050)
WordPress Plugin IMPress Listings Cross-Site Scripting (2.0.1)
WordPress Plugin Chameleoni Jobs Multiple Cross-Site Scripting Vulnerabilities (1.2.2)