6.2 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
57.4%
The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.
wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20