Description
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.
Remediation
References
Related Vulnerabilities
WordPress Plugin Seriously Simple Podcasting Cross-Site Request Forgery (2.16.0)
Oracle Database Server CVE-2019-2913 Vulnerability (CVE-2019-2913)
Jboss EAP Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2016-4993)
Perl CVE-2016-6185 Vulnerability (CVE-2016-6185)
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-13663)