Description
Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2061
Related Vulnerabilities
CVE-2019-10359 Vulnerability in maven package org.jenkins-ci.plugins.m2release:m2release
CVE-2020-35509 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2019-12421 Vulnerability in maven package org.apache.nifi:nifi-web-security
CVE-2017-1000110 Vulnerability in maven package io.jenkins.blueocean:blueocean-parent
CVE-2016-5007 Vulnerability in maven package org.springframework.security:spring-security-config