Описание
A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins-plugin-workflow-cps-global-lib | Will not fix | ||
| Red Hat OpenShift Container Platform 3.9 | jenkins-plugin-workflow-cps-global-lib | Will not fix | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Fixed | RHSA-2019:2651 | 04.09.2019 |
| Red Hat OpenShift Container Platform 4.1 | jenkins-2-plugins | Fixed | RHSA-2019:2662 | 11.09.2019 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1735521jenkins-plugin-workflow-cps-global-lib: Missing permission check in Pipeline: Shared Groovy Libraries Plugin
EPSS
Процентиль: 20%
0.00064
Низкий
4.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 4.3
nvd
больше 6 лет назад
A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.
CVSS3: 4.3
github
больше 3 лет назад
Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin
EPSS
Процентиль: 20%
0.00064
Низкий
4.3 Medium
CVSS3