PT-2018-5172 · Jenkins · Jenkins Multijob Plugin+1

Lars Hupel · Published 2018-01-26 · Updated 2022-05-13 · CVE-2017-1000390

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins Multijob plugin versions 1.25 and earlier

Description

The issue is a missing permission check in the Resume Build action: anyone with Job/Read permission can resume a build without proper authorization. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations

For Jenkins Multijob plugin versions 1.25 and earlier, update to version 1.27 or later, which introduces a permission check requiring Job/Build. As a temporary workaround, consider restricting access to the Resume Build action to minimize the risk of exploitation.

Fix

Missing Authorization

Weakness Enumeration

Related identifiers

CVE-2017-1000390
GHSA-P9R2-GGHQ-HC57

Affected products

Jenkins
Jenkins Multijob Plugin