GHSA-p9r2-gghq-hc57

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 4.3

Описание

Jenkins Multijob plugin did not check permissions in the Resume Build action

Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. Multijob plugin 1.26 introduced a permission check requiring Overall/Administer. This was lowered to Job/Build in version 1.27.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:jenkins-multijob-plugin

maven

Затронутые версииВерсия исправления

<= 1.25

1.26

EPSS

Процентиль: 4%

0.0002

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2017-1000390

Дефекты

CWE-862

Связанные уязвимости

CVE-2017-1000390

CVSS3: 4.3

nvd

около 8 лет назад

Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.

EPSS

Процентиль: 4%

0.0002

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2017-1000390

Дефекты

CWE-862