Description
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.
Remediation
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1434119
Related Vulnerabilities
CVE-2020-26282 Vulnerability in maven package com.browserup:browserup-proxy-rest
CVE-2020-4076 Vulnerability in npm package electron
CVE-2022-1295 Vulnerability in npm package fullpage.js
CVE-2018-1000632 Vulnerability in maven package dom4j:dom4j
CVE-2023-40810 Vulnerability in maven package org.opencrx:opencrx-core-models