Description
A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/11/15/4
https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2853
Related Vulnerabilities
CVE-2021-23358 Vulnerability in npm package underscore
CVE-2020-28458 Vulnerability in maven package org.webjars.npm:datatables.net
CVE-2021-21252 Vulnerability in npm package jquery-validation
CVE-2019-16574 Vulnerability in maven package com.alauda.jenkins.plugins:alauda-devops-pipeline
CVE-2018-16472 Vulnerability in maven package org.webjars.npm:cached-path-relative