Description
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2017-07-10/
Related Vulnerabilities
CVE-2010-3863 Vulnerability in maven package org.apache.shiro:shiro-all
CVE-2011-2087 Vulnerability in maven package org.apache.struts:struts2-javatemplates-plugin
CVE-2020-2219 Vulnerability in maven package org.jenkins-ci.plugins:link-column
CVE-2020-15096 Vulnerability in maven package org.webjars.npm:electron
CVE-2017-5929 Vulnerability in maven package ch.qos.logback:logback-classic