Description
Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1996
Related Vulnerabilities
CVE-2019-1003089 Vulnerability in maven package ren.helloworld:upload-pgyer
CVE-2022-23945 Vulnerability in maven package org.apache.shenyu:shenyu-common
CVE-2023-27296 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2019-0193 Vulnerability in maven package org.apache.solr:solr-core
CVE-2018-12545 Vulnerability in maven package org.eclipse.jetty.http2:http2-common