Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tYzIyLTI1cjMtMnc5d84AAR2J

Parameterized Trigger Plugin fails to check Item/Build permission

The Parameterized Trigger Plugin did not check the build authentication it was running as, and so allowed triggering any other project in Jenkins. The plugin now checks for Item/Build permission before triggering a downstream build.

Permalink: https://github.com/advisories/GHSA-mc22-25r3-2w9w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tYzIyLTI1cjMtMnc5d84AAR2J
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 4 months ago


CVSS Score: 6.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Identifiers: GHSA-mc22-25r3-2w9w, CVE-2017-1000084
References: Repository: https://github.com/jenkinsci/parameterized-trigger-plugin
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:parameterized-trigger
Affected Version Ranges: < 2.35.1
Fixed in: 2.35.1