Description
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/06/14/5
https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135
Related Vulnerabilities
CVE-2017-12629 Vulnerability in maven package org.apache.lucene:lucene-queryparser
CVE-2019-17573 Vulnerability in maven package org.apache.cxf:cxf-bundle
CVE-2020-13957 Vulnerability in maven package org.apache.solr:solr-solrj
CVE-2022-24913 Vulnerability in maven package com.fasterxml.util:java-merge-sort