Description
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
Remediation
References
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
Related Vulnerabilities
CVE-2023-6291 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2017-11479 Vulnerability in npm package kibana
CVE-2023-46233 Vulnerability in maven package org.webjars.bowergithub.brix:crypto-js
CVE-2020-6458 Vulnerability in maven package org.webjars.npm:electron
CVE-2018-1000147 Vulnerability in maven package org.jvnet.hudson.plugins:perforce