Description

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.

Remediation

References

https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20

Related Vulnerabilities

CVE-2017-11482 Vulnerability in npm package kibana

CVE-2023-29212 Vulnerability in maven package org.xwiki.platform:xwiki-platform-panels-ui

CVE-2023-24422 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2022-41928 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui

CVE-2022-23181 Vulnerability in maven package org.apache.tomcat:tomcat

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory