CVE-2018-1000114

Severity
4.3 MEDIUM
EPSS
0.0%
top 91.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 13
Latest update: May 13

Description

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allows an attacker with read access to jobs to perform promotions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 2 packages

🔴 Vulnerability Details (3)

GHSA
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes (2022-05-13)
OSV
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes (2022-05-13)
CVEList
CVE-2018-1000114: An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2 (2018-03-13)

📋 Vendor Advisories (2)

Red Hat
jenkins-plugin-promoted-builds: Promoted Builds Plugin allowed unauthorized users to run some promotion processes (SECURITY-746) (2018-02-26)
Jenkins
Jenkins Security Advisory 2018-02-26 (2018-02-26)

💬 Community (1)

Bugzilla
CVE-2018-1000114 jenkins-plugin-promoted-builds: Promoted Builds Plugin allowed unauthorized users to run some promotion processes (SECURITY-746) (2018-02-27)