Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Remediation

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746

Related Vulnerabilities

CVE-2019-17566 Vulnerability in maven package org.apache.xmlgraphics:batik-transcoder

CVE-2019-10287 Vulnerability in maven package org.jenkins-ci.plugins:youtrack-plugin

CVE-2023-37960 Vulnerability in maven package io.jenkins.plugins:mathworks-polyspace

CVE-2021-21616 Vulnerability in maven package org.biouno:uno-choice

CVE-2022-36099 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki

Severity

Medium

Classification

CWE-863 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Vendor Advisory