Description
A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center.
Remediation
References
https://jenkins.io/security/advisory/2018-08-15/#SECURITY-1076
Related Vulnerabilities
CVE-2019-1003081 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer
CVE-2018-12541 Vulnerability in maven package io.vertx:vertx-core
CVE-2020-14326 Vulnerability in maven package org.jboss.resteasy:resteasy-core
CVE-2016-8751 Vulnerability in maven package org.apache.ranger:ranger
CVE-2021-21692 Vulnerability in maven package org.jenkins-ci.main:jenkins-core