Description

BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330.

Remediation

References

CVE-2014-2058

Related Vulnerabilities

WordPress Plugin WPGraphQL Security Bypass (0.2.3)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-0327)

WordPress Plugin WordPress WP-Advanced-Search Remote Code Execution (3.3.3)

Drupal Other Vulnerability (CVE-2006-1227)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0308)

Severity

Medium

Classification

CVE-2014-2058 CWE-264

Tags

Missing Update Known Vulnerabilities