Description
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Remediation
References
Related Vulnerabilities
MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9403)
WordPress Plugin Nmedia WordPress Member Conversation 'doupload.php' Arbitrary File Upload (1.3)
WordPress Plugin W3 Total Cache Arbitrary File Disclosure (0.9.3)
WordPress Plugin Link Library Cross-Site Scripting (5.9.12.29)