Description
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
Remediation
References
Related Vulnerabilities
Missing Authentication Check in SAP Solution Manager
WordPress Plugin Fancy Product Designer-WooCommerce Cross-Site Scripting (3.4.1)
Roundcube Unspesificed Vulnerability (CVE-2019-10740)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-11145)
WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)