CVE-2017-1000243 Vulnerability in maven package org.jvnet.hudson.plugins:favorite

Description

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

Remediation

References

http://www.securityfocus.com/bid/101946

https://jenkins.io/security/advisory/2017-06-06/

Related Vulnerabilities

CVE-2013-2055 Vulnerability in maven package org.apache.wicket:wicket-core

CVE-2011-3190 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2020-14338 Vulnerability in maven package xerces:xercesimpl

CVE-2012-0838 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2023-30533 Vulnerability in npm package xlsx

Severity

Medium

Classification

CWE-862 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N