GHSA-9rx5-w522-5fh7

Suggest an improvement
Source
https://github.com/advisories/GHSA-9rx5-w522-5fh7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9rx5-w522-5fh7/GHSA-9rx5-w522-5fh7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9rx5-w522-5fh7
Aliases
Published
2022-05-13T01:48:32Z
Modified
2024-02-16T08:24:28.099694Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes
Details

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

References

Affected packages

Maven / org.jenkins-ci.plugins:promoted-builds

Package

Name
org.jenkins-ci.plugins:promoted-builds
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/promoted-builds

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0

Affected versions

2.*

2.0
2.1
2.2
2.3
2.3.1
2.4
2.5
2.6
2.6.1
2.6.2
2.7
2.8
2.9
2.10
2.11
2.12
2.13
2.14
2.15
2.16
2.17
2.18
2.19
2.20
2.21
2.22-beta1
2.22
2.23
2.23.1
2.24
2.24.1
2.25
2.26
2.27
2.28
2.28.1
2.29
2.29.1
2.30
2.31
2.31.1

Database specific

{
    "last_known_affected_version_range": "<= 2.31.1"
}