Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure permission to instantiate arbitrary types, which may lead to information disclosure or other impacts depending on the classes available on the classpath.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jenkins Matrix Authorization Strategy Plugin 代码问题漏洞
Vulnerability Description
Jenkins Matrix Authorization Strategy Plugin是Jenkins开源的一个为持续集成平台提供基于矩阵的细粒度权限控制机制的插件。 Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1版本至3.2.9版本存在代码问题漏洞,该漏洞源于反序列化继承策略时调用配置中指定类的无参构造函数,未限制可实例化的类,可能导致具有Item/Configure权限的攻击者实例化任意类型,根据类路径上可用的类可能导致信息泄露或其他影
CVSS Information
N/A
Vulnerability Type
N/A