Description

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.

Remediation

References

https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20

Related Vulnerabilities

CVE-2016-10364 Vulnerability in npm package kibana

CVE-2009-2901 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2022-34916 Vulnerability in maven package org.apache.flume.flume-ng-sources:flume-jms-source

CVE-2019-10378 Vulnerability in maven package org.jenkins-ci.plugins:testlink

CVE-2018-16115 Vulnerability in maven package com.typesafe.akka:akka-actor_2.12

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory