Description
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-2932
Related Vulnerabilities
CVE-2023-0105 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2021-36151 Vulnerability in maven package org.apache.gobblin:gobblin-core
CVE-2021-41182 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui
CVE-2014-7816 Vulnerability in maven package io.undertow:undertow-core
CVE-2021-22134 Vulnerability in maven package org.elasticsearch:elasticsearch