Description
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/07/17/2
http://www.securityfocus.com/bid/109373
https://access.redhat.com/errata/RHSA-2019:2503
https://access.redhat.com/errata/RHSA-2019:2548
https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534
Related Vulnerabilities
CVE-2022-25927 Vulnerability in maven package org.webjars.npm:ua-parser-js
CVE-2020-36381 Vulnerability in npm package aaptjs
CVE-2022-24433 Vulnerability in npm package simple-git
CVE-2023-35147 Vulnerability in maven package org.jenkins-ci.plugins:aws-codecommit-trigger
CVE-2023-28709 Vulnerability in maven package org.apache.tomcat:tomcat-catalina