Описание
Jenkins Global Post Script Plugin missing permission check
Jenkins Global Post Script Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read permission to list the files contained in $JENKINS_HOME/global-post-script that can be used by the plugin.
Пакеты
Наименование
org.jenkins-ci.plugins:global-post-script
maven
Затронутые версииВерсия исправления
<= 1.1.4
Отсутствует
Связанные уязвимости
CVSS3: 4.3
nvd
около 6 лет назад
A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system.