Description
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Remediation
References
Related Vulnerabilities
SharePoint CVE-2022-41038 Vulnerability (CVE-2022-41038)
WordPress Plugin MailChimp for WooCommerce Local File Inclusion (2.1.1)
e107 Credentials Management Errors Vulnerability (CVE-2013-7305)
MySQL CVE-2021-35625 Vulnerability (CVE-2021-35625)
Jenkins Incorrect Authorization Vulnerability (CVE-2020-2104)