CVE-2018-1000107

Name of the Vulnerable Software and Affected Versions: Jenkins Job and Node Ownership Plugin versions 0.11.0 and earlier

Description: An improper authorization issue exists that allows an attacker with Job/Configure or Computer/Configure permission, but without Ownership related permissions, to override ownership metadata. This is due to vulnerabilities in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java.

Recommendations: For Jenkins Job and Node Ownership Plugin versions 0.11.0 and earlier, consider restricting access to the Job/Configure and Computer/Configure permissions to minimize the risk of exploitation. As a temporary workaround, consider disabling the override of ownership metadata functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.