Description

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.

Remediation

References

CVE-2014-2068

Related Vulnerabilities

Envoy Proxy Improper Certificate Validation Vulnerability (CVE-2022-21657)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26593)

WebLogic Other Vulnerability (CVE-2020-10672)

Drupal Core 8.8.0 Denial of Service (8.8.0)

Apache Traffic Server Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2022-37392)

Severity

Low

Classification

CVE-2014-2068 CWE-264

Tags

Missing Update Known Vulnerabilities