Description
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites
Remediation
References
http://www.securityfocus.com/bid/101946
https://jenkins.io/security/advisory/2017-06-06/
Related Vulnerabilities
CVE-2019-10423 Vulnerability in maven package com.villagechief.codescan.jenkins:codescan
CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15to18
CVE-2018-1000108 Vulnerability in maven package org.jenkins-ci.plugins:cppncss
CVE-2017-2601 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2016-7191 Vulnerability in npm package passport-azure-ad