CVE-2013-6373 — Jenkins Exclusion Plugin allows Access to Resource Locks

Description

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.

How to fix CVE-2013-6373

To remediate CVE-2013-6373, upgrade the affected package to a fixed version below.

Maven/org.jenkins-ci.plugins:exclusion—upgrade to 0.9 or later

Is CVE-2013-6373 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 0.9

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-6373
PATCHgithub.com/jenkinsci/exclusion-plugin
WEBgithub.com/jenkinsci/exclusion-plugin/commit/847f9aeb407c0f47046d184080c9e2c2e3720311
WEBwiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin