Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Remediation

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746

Related Vulnerabilities

CVE-2019-1003010 Vulnerability in maven package org.jenkins-ci.plugins:git

CVE-2021-22053 Vulnerability in maven package org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard

CVE-2022-36907 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer

CVE-2022-43403 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2014-3682 Vulnerability in maven package org.jbpm:jbpm-designer-backend

Severity

Medium

Classification

CWE-863 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Vendor Advisory