Description
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.
Remediation
References
Related Vulnerabilities
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-11057)
Python Uncontrolled Resource Consumption Vulnerability (CVE-2012-0876)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-30152)