CVE-2018-1999004

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1999004

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1999004.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1999004

Aliases

GHSA-wmr8-25ff-ggpj

Published

2018-07-23T19:29:00Z

Modified

2024-09-03T02:09:56.954217Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.

References

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/jenkins
Events: Introduced

261ddc1c9a610bffa61b6e9f559a27c363216f6d

Last affected

85354aad981e4115f8f2d0c9e66b43c31dd22810

Last affected

8a653f84283b1729d0ecd25138d472de83af1b6d

Affected versions

jenkins-2.*

jenkins-2.122

jenkins-2.124

jenkins-2.125

jenkins-2.126

jenkins-2.127

jenkins-2.128

jenkins-2.129

jenkins-2.130

jenkins-2.131

jenkins-2.132