An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.
{
"cpe": "cpe:2.3:a:jenkins:support_core:*:*:*:*:*:jenkins:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1206.1208.v9b_7a_1d48db_0f"
}
],
"source": "CPE_RANGE"
}