Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Remediation

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746

Related Vulnerabilities

CVE-2019-1003067 Vulnerability in maven package org.jenkins-ci.plugins:trac-publisher-plugin

CVE-2023-27474 Vulnerability in npm package directus

CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http2:http2-hpack

CVE-2020-2295 Vulnerability in maven package org.jkva.maven-plugins:cascading-release-maven-plugin

CVE-2022-36093 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

Severity

Medium

Classification

CWE-863 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Vendor Advisory