Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Remediation

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746

Related Vulnerabilities

CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk14

CVE-2014-0050 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2015-5347 Vulnerability in maven package org.apache.wicket:wicket-extensions

CVE-2022-34796 Vulnerability in maven package org.jenkins-ci.plugins:ec2-deployment-dashboard

CVE-2019-12419 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-sso-oidc

Severity

Medium

Classification

CWE-863 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Vendor Advisory