Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Remediation

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746

Related Vulnerabilities

CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-client

CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.jasny:bootstrap

CVE-2019-16543 Vulnerability in maven package com.inflectra.spiratest.plugins:inflectra-spira-integration

CVE-2023-36470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-default

CVE-2018-1000150 Vulnerability in maven package org.jenkins-ci.plugins:reverse-proxy-auth-plugin

Severity

Medium

Classification

CWE-863 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Vendor Advisory