Robert Picard

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.44 Jenkins version 2.32.2 Description: The issue is related to an insufficient permission check for periodic processes. Specifically, the URLs "/workspaceCleanup" and "/fingerprintCleanup" did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes, which are otherwise performed daily. This could possibly cause additional load on Jenkins master and agents. Recommendations: For Jenkins versions prior to 2.44, update to version 2.44 or later to resolve the issue. For Jenkins version 2.32.2, update to a version with the fix, as version 2.32.2 is vulnerable. As a temporary workaround, consider restricting access to the "/workspaceCleanup" and "/fingerprintCleanup" API endpoints to minimize the risk of exploitation.