Description
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.
Remediation
References
https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150
Related Vulnerabilities
CVE-2022-41937 Vulnerability in maven package org.xwiki.platform:xwiki-platform-filter-ui
CVE-2020-15252 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2013-2067 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2022-23494 Vulnerability in npm package tinymce
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service