Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Remediation

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746

Related Vulnerabilities

CVE-2020-6831 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2019-1003065 Vulnerability in maven package org.jenkins-ci.plugins:cloudshare-docker

CVE-2015-8858 Vulnerability in maven package org.webjars.npm:uglify-js

CVE-2014-3488 Vulnerability in maven package io.netty:netty

Severity

Medium

Classification

CWE-863 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Vendor Advisory