Description
The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.
Remediation
References
https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
Related Vulnerabilities
CVE-2023-31066 Vulnerability in maven package org.apache.inlong:manager-service
CVE-2014-0119 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-24436 Vulnerability in maven package org.jenkins-ci.plugins:ghprb
CVE-2020-2240 Vulnerability in maven package org.jenkins-ci.plugins:database
CVE-2023-49798 Vulnerability in npm package @openzeppelin/contracts-upgradeable