Description
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites
Remediation
References
http://www.securityfocus.com/bid/101946
https://jenkins.io/security/advisory/2017-06-06/
Related Vulnerabilities
CVE-2020-6463 Vulnerability in npm package electron
CVE-2023-6835 Vulnerability in maven package org.wso2.carbon.apimgt:org.wso2.carbon.forum
CVE-2020-7961 Vulnerability in maven package com.liferay.portal:com.liferay.portal.impl
CVE-2021-27578 Vulnerability in maven package org.apache.zeppelin:zeppelin
CVE-2019-10328 Vulnerability in maven package org.jenkins-ci.plugins:workflow-remote-loader