Description
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Remediation
References