Description
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.
References
- Vendor Advisory
Vulnerable configurations
Configuration 1
Versions before 3975.3977.v478dd9e956c3 (exclusive)
One of
cpe:2.3:a:jenkins:pipeline\:_groovy:*:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:pipeline\:_groovy:3990.vd281dd77a_388:*:*:*:*:jenkins:*:*
EPSS: 0.01035 (Low), percentile: 77%
CVSS3: 8 High
Weaknesses
CWE-354
Related vulnerabilities
CVSS3: 8
redhat
about 1 year ago
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.
CVSS3: 8
github
about 1 year ago
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin