CVE-2017-1000243

Опубликовано: 01 нояб. 2017

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

Ссылки

http://www.securityfocus.com/bid/101946
https://jenkins.io/security/advisory/2017-06-06/
Vendor Advisory
http://www.securityfocus.com/bid/101946
https://jenkins.io/security/advisory/2017-06-06/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:favorite_plugin:*:*:*:*:*:jenkins:*:*

Версия до 2.1.4 (включая)

EPSS

Процентиль: 8%

0.00031

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

CVE-2017-1000243

CVSS3: 4.3

redhat

больше 8 лет назад

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

GHSA-268v-2qq7-84pf

CVSS3: 4.3

github

больше 3 лет назад

Missing permission check in Jenkins Favorite Plugin

EPSS

Процентиль: 8%

0.00031

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-862