Description
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.
Remediation
References
https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746
Related Vulnerabilities
CVE-2011-1772 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2022-36908 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer
CVE-2022-24785 Vulnerability in maven package org.webjars.bowergithub.moment:moment
CVE-2020-2247 Vulnerability in maven package org.jenkins-ci.plugins:klocwork