Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Remediation

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746

Related Vulnerabilities

CVE-2022-45875 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-alert-plugins

CVE-2011-1772 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2022-36908 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer

CVE-2022-24785 Vulnerability in maven package org.webjars.bowergithub.moment:moment

CVE-2020-2247 Vulnerability in maven package org.jenkins-ci.plugins:klocwork

Severity

Medium

Classification

CWE-863 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Vendor Advisory