Описание
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.11.0 (включая)
cpe:2.3:a:jenkins:job_and_node_ownership:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 5%
0.00021
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Improper authorization in Jenkins Job and Node Ownership Plugin
EPSS
Процентиль: 5%
0.00021
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-863