CVE-2013-6373 – org.jenkins-ci.plugins:exclusion

Package

Manager: maven
Name: org.jenkins-ci.plugins:exclusion
Vulnerable Version: >=0 <0.9

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00403 pctl0.60113

Details

Jenkins Exclusion Plugin allows Access to Resource Locks The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.

Metadata

Created: 2022-05-17T03:51:00Z
Modified: 2025-03-13T19:06:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2q8v-439j-6p77/GHSA-2q8v-439j-6p77.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-2q8v-439j-6p77
Finding: F039
Auto approve: 1