Description

An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.

Remediation

References

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2023-24997 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2023-32262 Vulnerability in maven package org.jenkins-ci.plugins:dimensionsscm

CVE-2022-39249 Vulnerability in npm package matrix-js-sdk

CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2023-34234 Vulnerability in npm package @openzeppelin/contracts-upgradeable

Severity

Medium

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory Patch Third Party Advisory