Description
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1771.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=983489
Related Vulnerabilities
CVE-2017-2654 Vulnerability in maven package org.jenkins-ci.plugins:email-ext
CVE-2018-1000187 Vulnerability in maven package org.csanchez.jenkins.plugins:kubernetes
CVE-2014-3667 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-1000600 Vulnerability in maven package com.coravy.hudson.plugins.github:github
CVE-2017-3154 Vulnerability in maven package org.apache.atlas:apache-atlas