GHSA-268v-2qq7-84pf

Source

https://github.com/advisories/GHSA-268v-2qq7-84pf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-268v-2qq7-84pf/GHSA-268v-2qq7-84pf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-268v-2qq7-84pf

Aliases

CVE-2017-1000243

Published

2022-05-13T01:18:20Z

Modified

2024-02-18T05:32:06.162541Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Missing permission check in Jenkins Favorite Plugin

Details

Jenkins Favorite Plugin up to and including 2.1.0 does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

Database specific

{
    "nvd_published_at": "2017-11-01T13:29:00Z",
    "cwe_ids": [
        "CWE-862"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T21:58:23Z"
}

References

Affected packages

Maven / org.jvnet.hudson.plugins:favorite

Package

Name: org.jvnet.hudson.plugins:favorite; View open source insights on deps.dev
Purl: pkg:maven/org.jvnet.hudson.plugins/favorite

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.0

Affected versions

1.*

1.0

1.1

1.2

1.3

1.4

1.5

1.6

1.7

1.8

1.9

1.10

1.11

1.12

1.13

1.14

1.15

1.16

2.*

2.0

2.0.1

2.0.2

2.0.3

2.0.4

2.1.0

2.2.0