Description
The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.
Remediation
References
https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
Related Vulnerabilities
CVE-2017-4973 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2019-10240 Vulnerability in maven package org.eclipse.hawkbit:hawkbit-parent
CVE-2022-29253 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2023-24435 Vulnerability in maven package org.jenkins-ci.plugins:ghprb
CVE-2020-6422 Vulnerability in maven package org.webjars.npm:electron