Description
In Jenkins versions before 2.44 and 2.32.2, low-privilege users were able to override JDK download credentials (SECURITY-392), which could cause future builds to fail to download a JDK.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3643 Vulnerability (CVE-2017-3643)
WordPress Plugin Generate PDF using Contact Form 7 Cross-Site Scripting (3.5)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5317)
Apache Tomcat Numeric Errors Vulnerability (CVE-2012-0022)
TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3806)