CVE-2013-6373
Jenkins Exclusion Plugin < 0.9 - Authenticated Resource Lock Bypass
Title source: llmDescription
The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin
Vendor Advisory x_refsource_misc
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
Scores
EPSS
0.0040
EPSS Percentile
61.0%
Details
CWE
CWE-264
Status
published
Products (4)
jenkins-ci/exclusion
0.6
jenkins-ci/exclusion
0.7
jenkins-ci/exclusion
< 0.8
org.jenkins-ci.plugins/exclusion
0 - 0.9Maven
Published
Nov 25, 2013
Tracked Since
Feb 18, 2026