Description
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.
Remediation
References
https://jenkins.io/security/advisory/2018-02-26/#SECURITY-498
Related Vulnerabilities
CVE-2017-7672 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2012-0022 Vulnerability in maven package tomcat:catalina
CVE-2020-1938 Vulnerability in maven package org.apache.tomcat:tomcat-util
CVE-2016-1000220 Vulnerability in npm package kibana
CVE-2015-8031 Vulnerability in maven package org.jvnet.hudson.main:hudson-core