Description

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.

Remediation

References

https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20

Related Vulnerabilities

CVE-2021-42392 Vulnerability in maven package com.h2database:h2

CVE-2009-0217 Vulnerability in maven package org.apache.santuario:xmlsec

CVE-2019-1003051 Vulnerability in maven package org.jvnet.hudson.plugins:ircbot

CVE-2023-32695 Vulnerability in maven package org.webjars.npm:socket.io-parser

CVE-2020-1952 Vulnerability in maven package org.apache.iotdb:iotdb-server

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory