Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS0yNjh2LTJxcTctODRwZs37rQ

Missing permission check in Jenkins Favorite Plugin

Jenkins Favorite Plugin up to and including 2.1.0 does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

Permalink: https://github.com/advisories/GHSA-268v-2qq7-84pf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yNjh2LTJxcTctODRwZs37rQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 3 months ago

CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Identifiers: GHSA-268v-2qq7-84pf, CVE-2017-1000243
References:

• https://nvd.nist.gov/vuln/detail/CVE-2017-1000243
• https://jenkins.io/security/advisory/2017-06-06/
• http://www.securityfocus.com/bid/101946
• https://github.com/advisories/GHSA-268v-2qq7-84pf

Blast Radius: 8.3

Affected Packages