Description
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.
Remediation
References