CVE-2014-2058 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.533 <1.551 || >=0 <1.532.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00044 (percentile 0.12623)

Details

Jenkins allows attackers to execute arbitrary jobs.

BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330.

Metadata

Created: 2022-05-17T03:53:55Z
Modified: 2024-03-05T14:36:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fpg-pp3m-h22f/GHSA-7fpg-pp3m-h22f.json
CWE IDs: []
Alternative ID: GHSA-7fpg-pp3m-h22f
Finding: F039
Auto approve: 1