CVE-2018-1000114 – org.jenkins-ci.plugins:promoted-builds
Package
Manager: maven
Name: org.jenkins-ci.plugins:promoted-builds
Vulnerable Version: >=0 <3.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00031 (percentile 0.07213)
Details
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes. An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier, in Status.java and ManualCondition.java, that allows an attacker with read access to jobs to perform promotions.
Metadata
Created: 2022-05-13T01:48:32Z
Modified: 2024-01-30T22:43:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9rx5-w522-5fh7/GHSA-9rx5-w522-5fh7.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-9rx5-w522-5fh7
Finding: F006
Auto approve: 1