stapler web framework is vulnerable to Improper Access Control. The UI views are frequently comprised of several view fragments, enabling plugins to extend existing views with more content. This vulnerability allows an attacker to directly access a view fragment containing sensitive information, bypassing any permission checks in the corresponding view.
www.openwall.com/lists/oss-security/2019/07/17/2
www.securityfocus.com/bid/109373
access.redhat.com/errata/RHSA-2019:2503
access.redhat.com/errata/RHSA-2019:2548
github.com/stapler/stapler/commit/19637555a9f32d3875356b47234131d8b1e9fee4
github.com/stapler/stapler/pull/166
jenkins.io/security/advisory/2019-07-17/#SECURITY-534