Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jenkins | Jenkins | * | 1.651.1 (including) |