Description
Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data.
Remediation
References
https://jenkins.io/security/advisory/2017-10-23/
Related Vulnerabilities
CVE-2017-2648 Vulnerability in maven package org.jenkins-ci.plugins:ssh-slaves
CVE-2020-13926 Vulnerability in maven package org.apache.kylin:kylin-server
CVE-2019-16568 Vulnerability in maven package hudson.plugins.sctmexecutor:sctmexecutor
CVE-2022-23622 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates