GHSA-72x3-c7jc-q35x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-72x3-c7jc-q35x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-72x3-c7jc-q35x/GHSA-72x3-c7jc-q35x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-72x3-c7jc-q35x
- Aliases
- Published
- 2022-05-13T01:48:31Z
- Modified
- 2024-02-16T08:17:21.653345Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Improper authorization in Jenkins Job and Node Ownership Plugin
- Details
-
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in
OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.javathat allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.
- Database specific
{ "nvd_published_at": "2018-03-13T13:29:00Z", "cwe_ids": [ "CWE-285" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-11-03T18:47:09Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000107
- https://github.com/jenkinsci/ownership-plugin/commit/42487df17cd272e504d3cd3e09abb4904f80dba2
- https://github.com/jenkinsci/ownership-plugin/blob/2908d3c0e23a34919449838304090210640c67c1/CHANGELOG.md?plain=1#L26
- https://jenkins.io/security/advisory/2018-02-26/#SECURITY-498
Affected packages
Maven / com.synopsys.jenkinsci:ownership
Package
- Name
- com.synopsys.jenkinsci:ownership
- View open source insights on deps.dev
- Purl
- pkg:maven/com.synopsys.jenkinsci/ownership