CVE-2017-1000243

MEDIUM4.3EPSS 0.03%

Missing permission check in Jenkins Favorite Plugin

Published: 5/13/2022Modified: 2/18/2024

Description

Jenkins Favorite Plugin up to and including 2.1.0 does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

Affected packages (1)

Maven/org.jvnet.hudson.plugins:favoritefrom 0, < 2.3.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000243
PATCHhttps://github.com/jenkinsci/favorite-plugin
WEBhttps://jenkins.io/security/advisory/2017-06-06
WEBhttp://www.securityfocus.com/bid/101946