CVE-2018-1000114

Published: Mar 13, 2018Modified: Nov 21, 2024

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Affected (1)

Products: Jenkins: Promoted Builds

Jenkins

1 product

Promoted Builds

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Promoted Builds	Up to 2.31.1

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746

Source: cve@mitre.org

Vendor Advisory

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.