Description

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".

Remediation

References

CVE-2024-43045

Related Vulnerabilities

PHP Integer Overflow or Wraparound Vulnerability (CVE-2022-37454)

WordPress Plugin Connections Business Directory Unspecified Vulnerability (0.7.1.5)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5242)

LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-48008)

WordPress Plugin MailPoet Newsletters (Previous) Unspecified Vulnerability (2.7.8)

Severity

Medium

Classification

CVE-2024-43045 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities