CVE-2017-1000243 org.jvnet.hudson.plugins:favorite

Package

Manager: maven
Name: org.jvnet.hudson.plugins:favorite
Vulnerable Version: >=0 <2.3.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00031 (percentile: 0.07238)

Details

Missing permission check in Jenkins Favorite Plugin

Jenkins Favorite Plugin up to and including 2.1.0 does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites.

Metadata

Created: 2022-05-13T01:18:20Z
Modified: 2024-01-30T21:58:23Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-268v-2qq7-84pf/GHSA-268v-2qq7-84pf.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-268v-2qq7-84pf
Finding: F039
Auto approve: 1