CVE-2013-6373: Jenkins Exclusion Plugin allows Access to Resource Locks
(updated )
The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.
References
- github.com/advisories/GHSA-2q8v-439j-6p77
- github.com/jenkinsci/exclusion-plugin
- github.com/jenkinsci/exclusion-plugin/commit/847f9aeb407c0f47046d184080c9e2c2e3720311
- nvd.nist.gov/vuln/detail/CVE-2013-6373
- wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin
- wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
Code Behaviors & Features
Detect and mitigate CVE-2013-6373 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →