PT-2022-4031 · Jenkins · Jenkins Deployer Framework Plugin

Daniel Beck · Published 2022-07-27 · Updated 2023-11-22 · CVE-2022-36891

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier

Description: A missing permission check in the Jenkins Deployer Framework Plugin allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. The root cause is insufficient authorization: the endpoint that serves the deployment log does not verify the Deploy permission, so an authenticated remote user with read access to the item can obtain protected information.

Recommendations: For Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier, update to version 86.v7ba4a55bf3ec or later, which requires Deploy Now/Deploy permission to read deployment logs. As a temporary workaround, consider restricting access to the deployment logs until the update is applied.
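To make the weakness concrete, the following Java snippet sketches a Jenkins run action that serves a deployment log file, once in the vulnerable shape (no check beyond the Item/Read that Jenkins already enforced while resolving the build) and once in the fixed shape the advisory describes (the action demands Deploy Now/Deploy before streaming the log). This is an added, constructed example and not the Deployer Framework Plugin's own code: the class name, the `deploy.log` path, the `Messages` localizer class and the choice that Deploy is implied by Item/Configure are all assumptions made for illustration.

```java
package io.example.deploylog; // hypothetical package, not the plugin's

import hudson.model.Action;
import hudson.model.Item;
import hudson.model.Run;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import hudson.security.PermissionScope;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/**
 * Illustrative run-scoped action exposing a deployment log over HTTP.
 * Constructed for this advisory page; it is not the Deployer Framework Plugin's code.
 */
public class DeploymentLogAction implements Action {

    // "Deploy Now" permission group, named after the group mentioned in the advisory.
    // Messages is the class Jenkins' localizer generates from Messages.properties (assumed).
    public static final PermissionGroup DEPLOY_NOW_GROUP =
            new PermissionGroup(DeploymentLogAction.class, Messages._DeployNow_PermissionGroup());

    // "Deploy" permission. Making it implied by Item/Configure is an assumption of this example.
    public static final Permission DEPLOY = new Permission(
            DEPLOY_NOW_GROUP, "Deploy", Messages._DeployNow_DeployPermission(),
            Item.CONFIGURE, PermissionScope.ITEM);

    private final Run<?, ?> run;
    private final Path logFile; // constructed: <build dir>/deploy.log

    public DeploymentLogAction(Run<?, ?> run) {
        this.run = run;
        this.logFile = run.getRootDir().toPath().resolve("deploy.log");
    }

    @Override public String getIconFileName() { return "notepad.png"; }
    @Override public String getDisplayName() { return "Deployment Log"; }
    @Override public String getUrlName() { return "deploy-log"; }

    /**
     * VULNERABLE shape. Stapler routes .../job/X/N/deploy-log/logUnchecked here after
     * Jenkins has enforced Item/Read to reach the build. No further check is made,
     * so any user who can see the job can download the deployment log.
     */
    public void doLogUnchecked(StaplerRequest req, StaplerResponse rsp) throws IOException {
        serve(rsp);
    }

    /**
     * FIXED shape, matching the behaviour the advisory attributes to 86.v7ba4a55bf3ec:
     * the Deploy permission is checked on the build before anything is written.
     * checkPermission throws an access-denied exception that Jenkins renders as
     * HTTP 403 (or a login redirect for anonymous users), so the log never leaves the server.
     */
    public void doLog(StaplerRequest req, StaplerResponse rsp) throws IOException {
        run.checkPermission(DEPLOY);
        serve(rsp);
    }

    private void serve(StaplerResponse rsp) throws IOException {
        rsp.setContentType("text/plain;charset=UTF-8");
        Files.copy(logFile, rsp.getOutputStream());
    }
}
```

The detection side of the same point: with a test user that holds only Item/Read on a job, a request to the action URL should return 403 after the fix, while the unchecked handler returns the log body. Until the update is applied, the temporary workaround in the advisory amounts to narrowing who holds Item/Read on the affected jobs (for example via matrix-based authorization) so that readers without Deploy cannot reach the endpoint at all.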

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

BDU:2022-04864
CVE-2022-36891
GHSA-RQQX-FVQX-539G

Affected Products

Jenkins
Jenkins Deployer Framework Plugin