Описание
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:jenkins:pipeline-input-step:2.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:pipeline-input-step:2.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:pipeline-input-step:2.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:pipeline-input-step:2.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:pipeline-input-step:2.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:pipeline-input-step:2.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:pipeline-input-step:2.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:pipeline-input-step:2.7:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 25%
0.00085
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 4.3
redhat
больше 8 лет назад
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.
EPSS
Процентиль: 25%
0.00085
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200