GHSA-2rmj-mq67-h97g: Spring Framework DoS via conditional HTTP request

GHSA-gcx4-mw62-g8wm: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

GHSA-8fx8-3rg2-79xw: Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

GHSA-3hp8-6j24-m5gm: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)

GHSA-2wq5-g96f-mv3v: Ouch! allows a segmentation fault due to use of uninitialized memory

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to access other users' "My Views". Attackers with global View/Configure and View/Delete permissions are also able to change other users' "My Views".

Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 restricts access to a user’s "My Views" to the owning user and administrators.

**Jenkins does not perform a permission check in an HTTP endpoint**

Moderate severity GitHub Reviewed Published Aug 7, 2024 to the GitHub Advisory Database • Updated Aug 7, 2024

Headline

GHSA-8pv9-qh96-9hc6: Jenkins does not perform a permission check in an HTTP endpoint

ghsa: Latest News