Suman Roy

**Name of the Vulnerable Software and Affected Versions** Jenkins versions 2.550 and earlier Jenkins LTS versions 2.541.1 and earlier **Description** The software allows access to information about jobs, builds, and build display names even when a user does not have permission to view them. This occurs because the software accepts Run Parameter values that reference builds inaccessible to the user submitting the build. An attacker with Item/Build and Item/Configure permission can exploit this. **Recommendations** Update Jenkins to a version later than 2.550. Update Jenkins LTS to a version later than 2.541.1.