Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04ang5LTdqNW0tNzl4NM4AAR1e
Jenkins Build Step Plugin fails to check Item/Build permission
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.
Permalink: https://github.com/advisories/GHSA-8jx9-7j5m-79x4JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04ang5LTdqNW0tNzl4NM4AAR1e
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-8jx9-7j5m-79x4, CVE-2017-1000089
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000089
- https://jenkins.io/security/advisory/2017-07-10/
- https://github.com/advisories/GHSA-8jx9-7j5m-79x4
Affected Packages
maven:org.jenkins-ci.plugins:pipeline-build-step
Affected Version Ranges: <= 2.5Fixed in: 2.5.1