Description
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/07/17/2
http://www.securityfocus.com/bid/109373
https://access.redhat.com/errata/RHSA-2019:2503
https://access.redhat.com/errata/RHSA-2019:2548
https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534
Related Vulnerabilities
CVE-2022-25851 Vulnerability in npm package jpeg-js
CVE-2021-43807 Vulnerability in maven package org.opencastproject:opencast-common
CVE-2021-38296 Vulnerability in maven package org.apache.spark:spark-core
CVE-2020-1935 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2020-17519 Vulnerability in maven package org.apache.flink:flink-runtime_2.12