An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03cjRoLTJoMjMtNmpxOc3z7g

Incorrect Authorization in Jenkins

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago

CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Identifiers: GHSA-7r4h-2h23-6jq9, CVE-2017-2599
References: Repository:
Blast Radius: 1.0

Affected Packages

Affected Version Ranges: >= 2.34, <= 2.43, <= 2.32.1
Fixed in: 2.44, 2.32.2