PT-2018-9293 · Jenkins · Jenkins Promoted Builds Plugin+1

Devin Nusbaum

Published

2018-03-13

Updated

2022-05-13

CVE-2018-1000114

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Jenkins Promoted Builds Plugin versions 2.31.1 and earlier

Description: An improper authorization issue exists that allows an attacker with read access to jobs to perform promotions. This is due to vulnerabilities in Status.java and ManualCondition.java.

Recommendations: For Jenkins Promoted Builds Plugin versions 2.31.1 and earlier, update to a version later than 2.31.1 to resolve the issue. As a temporary workaround, consider restricting read access to jobs to minimize the risk of exploitation.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2018-1000114

GHSA-9RX5-W522-5FH7

Affected Products

Jenkins

Jenkins Promoted Builds Plugin

PT-2018-9293 · Jenkins · Jenkins Promoted Builds Plugin+1

CVE-2018-1000114

Weakness Enumeration

Related Identifiers

Affected Products

References · 4