Description
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Remediation
References