Description

An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.

Remediation

References

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2020-7652 Vulnerability in npm package snyk-broker

CVE-2023-31103 Vulnerability in maven package org.apache.inlong:manager-test

CVE-2021-28092 Vulnerability in maven package org.webjars.npm:is-svg

CVE-2022-36313 Vulnerability in maven package org.webjars.npm:file-type

CVE-2023-27898 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Medium

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory Patch Third Party Advisory