Description
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3145
Related Vulnerabilities
CVE-2022-34204 Vulnerability in maven package com.geteasyqa:easyqa
CVE-2022-28890 Vulnerability in maven package org.apache.jena:jena-core
CVE-2020-13928 Vulnerability in maven package org.apache.atlas:apache-atlas
CVE-2019-1003053 Vulnerability in maven package org.jenkins-ci.plugins:hockeyapp
CVE-2011-2092 Vulnerability in maven package com.adobe.blazeds:flex-messaging-core