Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Remediation

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746

Related Vulnerabilities

CVE-2019-10414 Vulnerability in maven package de.wellnerbou.jenkins:git-changelog

CVE-2023-50773 Vulnerability in maven package com.zintow:dingding-json-pusher

CVE-2020-2270 Vulnerability in maven package org.jenkins-ci.plugins:clearcase-release

CVE-2019-10396 Vulnerability in maven package org.jenkins-ci.plugins:dashboard-view

CVE-2020-2289 Vulnerability in maven package org.biouno:uno-choice

Severity

Medium

Classification

CWE-863 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Vendor Advisory