CVE-2018-1000015

Опубликовано: 22 янв. 2018

Источник: redhat

CVSS3: 4.2

EPSS Низкий

Описание

On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline node blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Enterprise 3	jenkins-plugin-workflow-durable-task-step	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-285

https://bugzilla.redhat.com/show_bug.cgi?id=1537187jenkins-plugin-workflow-durable-task-step: Incorrect permission checks in Pipeline: Nodes and Processes plugin allows executing builds on agents while lacking Computer/Build permission (SECURITY-675)

EPSS

Процентиль: 9%

0.00033

Низкий

4.2 Medium

CVSS3

Связанные уязвимости

CVE-2018-1000015

CVSS3: 4.8

nvd

около 8 лет назад

On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier.

GHSA-9r7f-rqhw-j8h8