Description
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites.
Remediation
References
https://jenkins.io/security/advisory/2017-06-06/
http://www.securityfocus.com/bid/101946