Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Remediation

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746

Related Vulnerabilities

CVE-2010-2227 Vulnerability in maven package org.apache.tomcat:coyote

CVE-2018-11537 Vulnerability in maven package org.webjars:angular-jwt

CVE-2019-11358 Vulnerability in npm package jquery

CVE-2019-10448 Vulnerability in maven package jenkins.xtc:extensivetesting

CVE-2018-1000112 Vulnerability in maven package org.jenkins-ci.plugins:mercurial

Severity

Medium

Classification

CWE-863 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Vendor Advisory