Description

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".

Remediation

References

CVE-2024-43045

Related Vulnerabilities

WordPress Plugin PropertyHive Cross-Site Scripting (1.4.14)

WordPress Plugin WM Simple Captcha Security Bypass (2.0.3)

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2005-3352)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.4.5)

WordPress Plugin Slider Hero with Animation, Video Background Unspecified Vulnerability (5.5.0)

Severity

Medium

Classification

CVE-2024-43045 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities