Description
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2002
Related Vulnerabilities
CVE-2022-43396 Vulnerability in maven package org.apache.kylin:kylin-core-common
CVE-2023-50710 Vulnerability in npm package hono
CVE-2022-47551 Vulnerability in maven package io.apiman:apiman-manager-api-beans
CVE-2022-40145 Vulnerability in maven package org.apache.karaf.jaas:org.apache.karaf.jaas.modules
CVE-2022-22965 Vulnerability in maven package org.springframework.boot:spring-boot-starter-web