Description
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, and LTS 2.176.1 and earlier, allowed attackers to access view fragments directly, bypassing permission checks and possibly obtaining sensitive information.
Remediation
References