Jenkins · Periodic Backup Plugin · CVE-2017-1000086
**Name of the Vulnerable Software and Affected Versions**
Periodic Backup Plugin (affected versions not specified)
**Description**
The issue allows any user with Overall/Read access to modify the plugin's settings, initiate backups, restore backups, download backups, and delete previous backups through log rotation. This is due to the lack of permission checks. Furthermore, the plugin is vulnerable to Cross-Site Request Forgery attacks because it does not require requests to its API to be sent via POST.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.