Description
A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobs specified in a 'jobname' request parameter.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2873
Related Vulnerabilities
CVE-2015-3250 Vulnerability in maven package org.apache.directory.api:api-ldap-model
CVE-2018-1000536 Vulnerability in npm package medis
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.13
CVE-2020-7617 Vulnerability in npm package ini-parser
CVE-2021-4040 Vulnerability in maven package org.apache.activemq:artemis-core-client