Description
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.
Remediation
References
https://jenkins.io/security/advisory/2018-07-18/#SECURITY-892
https://www.oracle.com/security-alerts/cpuapr2022.html
Related Vulnerabilities
CVE-2020-11976 Vulnerability in maven package org.apache.wicket:wicket-core
CVE-2021-40663 Vulnerability in npm package deep.assign
CVE-2017-4973 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2023-34238 Vulnerability in npm package gatsby-transformer-remark
CVE-2015-1833 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-webdav