CVE-2017-1000388 – org.jenkins-ci.plugins:depgraph-view
Package
Manager: maven
Name: org.jenkins-ci.plugins:depgraph-view
Vulnerable Version: >=0 <0.13
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00031 (percentile 0.07238)
Details
Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data.
Metadata
Created: 2022-05-13T01:18:20Z
Modified: 2024-01-30T22:03:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vhh3-mvc4-hhq6/GHSA-vhh3-mvc4-hhq6.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-vhh3-mvc4-hhq6
Finding: F039
Auto approve: 1