Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wOXIyLWdnaHEtaGM1N8370Q
Jenkins Multijob plugin did not check permissions in the Resume Build action
Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. Multijob plugin 1.26 introduced a permission check requiring Overall/Administer. This was lowered to Job/Build in version 1.27.
Permalink: https://github.com/advisories/GHSA-p9r2-gghq-hc57
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wOXIyLWdnaHEtaGM1N8370Q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-p9r2-gghq-hc57, CVE-2017-1000390
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000390
- https://jenkins.io/security/advisory/2017-10-23/
- http://www.securityfocus.com/bid/102824
- https://github.com/advisories/GHSA-p9r2-gghq-hc57
Affected Packages
maven:org.jenkins-ci.plugins:jenkins-multijob-plugin
Affected Version Ranges: <= 1.25
Fixed in: 1.26