CVE-2018-1000114

MEDIUM4.3EPSS 0.03%

Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes

Published: 5/13/2022Modified: 2/16/2024

Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Affected packages (1)

Maven/org.jenkins-ci.plugins:promoted-buildsfrom 0, < 3.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000114
WEBhttps://jenkins.io/security/advisory/2018-02-26/#SECURITY-746