Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Remediation

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746

Related Vulnerabilities

CVE-2011-2092 Vulnerability in maven package com.adobe.blazeds:flex-messaging-common

CVE-2021-41561 Vulnerability in maven package org.apache.parquet:parquet

CVE-2023-33947 Vulnerability in maven package com.liferay.portal:release.portal.bom

CVE-2017-18353 Vulnerability in npm package rendertron-middleware

CVE-2023-33939 Vulnerability in maven package com.liferay:com.liferay.portal.search.web

Severity

Medium

Classification

CWE-863 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Vendor Advisory