CVE-2018-1000114: An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an…

medium4.3CVSS 3.0

AVNACLPRLUINSUCNILAN

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
jenkins	azure_slave_plugin	—	—
jenkins	azure_vm_agents_plugin	—	—
jenkins	coverity_plugin	—	—
jenkins	cppncss_plugin	—	—
jenkins	credentials_plugin	—	—
jenkins	envinject_plugin	—	—
jenkins	environment_injector_plugin	—	—
jenkins	gerrit_trigger_plugin	—	—
jenkins	git_plugin	—	—
jenkins	google_play_android_publisher_plugin	—	—
jenkins	ids_in_google_play_android_publisher_plugin	—	—
jenkins	improper_access_control_in_gerrit_trigger_plugin	—	—
jenkins	job_and_node_ownership_plugin	—	—
jenkins	mercurial_plugin	—	—
jenkins	promoted_builds	<= 2.31.1	—
jenkins	testlink_plugin	—	—
jenkins	url_in_git_plugin	—	—
jenkins	url_in_mercurial_plugin	—	—
jenkins	url_in_subversion_plugin	—	—
jenkins	you_have_ever_used_environment_injector_plugin	—	—