Description
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.
Remediation
References
https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150
Related Vulnerabilities
CVE-2022-43670 Vulnerability in maven package org.apache.sling:org.apache.sling.cms
CVE-2012-2379 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal
CVE-2019-10083 Vulnerability in maven package org.apache.nifi:nifi-framework-bundle
CVE-2023-48222 Vulnerability in maven package org.rundeck:rundeck
CVE-2009-0217 Vulnerability in maven package org.apache.santuario:xmlsec