Lucene search

GitHub Advisory DatabaseGHSA-MR9J-QQJH-67F2

HistoryMar 06, 2024 - 6:30 p.m.

Jenkins Subversion Partial Release Manager Plugin missing permission check

2024-03-0618:30:39

CWE-862

GitHub Advisory Database

github.com

jenkins

subversion

release manager

missing permission

security vulnerability

build trigger

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

Percentile

9.0%

JSON

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.

Affected configurations

Vulners

Node

org.jenkins-ci.pluginssvn-partial-release-mgrRange≤1.0.1

VendorProductVersionCPE
org.jenkins-ci.pluginssvn-partial-release-mgr*cpe:2.3:a:org.jenkins-ci.plugins:svn-partial-release-mgr:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.jenkins-ci.plugins	svn-partial-release-mgr	*	cpe:2.3:a:org.jenkins-ci.plugins:svn-partial-release-mgr::::::::

References

www.openwall.com/lists/oss-security/2024/03/06/3

github.com/advisories/GHSA-mr9j-qqjh-67f2

nvd.nist.gov/vuln/detail/CVE-2024-28159

www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3325

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for GHSA-MR9J-QQJH-67F2