Описание
Missing permission checks in Jenkins Maven Cascade Release Plugin
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.
Пакеты
Наименование
com.barchart.jenkins:maven-release-cascade
maven
Затронутые версииВерсия исправления
<= 1.3.2
Отсутствует
Связанные уязвимости
CVSS3: 6.5
nvd
больше 5 лет назад
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.