Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users to trigger an update of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
{ "nvd_published_at": "2016-05-17T14:08:00Z", "github_reviewed_at": "2022-11-02T00:40:54Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-280" ] }