CVE-2018-1000114

Name of the Vulnerable Software and Affected Versions: Jenkins Promoted Builds Plugin versions 2.31.1 and earlier

Description: An improper authorization issue exists that allows an attacker with read access to jobs to perform promotions. This is due to vulnerabilities in Status.java and ManualCondition.java.

Recommendations: For Jenkins Promoted Builds Plugin versions 2.31.1 and earlier, update to a version later than 2.31.1 to resolve the issue. As a temporary workaround, consider restricting read access to jobs to minimize the risk of exploitation.