Lucene search

GitHub Advisory DatabaseGHSA-P265-XR98-3VMR

HistoryMay 13, 2022 - 1:00 a.m.

Incorrect Authorization in Jenkins

2022-05-1301:00:59

CWE-863

GitHub Advisory Database

github.com

jenkins

vulnerability

authorization

queue.java

attackers

permission

cancel queued builds

software

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

21.7%

JSON

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.

Affected configurations

Vulners

Node

org.jenkins-ci.main\Matchjenkins-core

References

github.com/advisories/GHSA-p265-xr98-3vmr

github.com/jenkinsci/jenkins/commit/af9e11c9941487f69ec1a95c65958fc208064e7a

jenkins.io/security/advisory/2018-07-18/#SECURITY-891

nvd.nist.gov/vuln/detail/CVE-2018-1999003

www.oracle.com/security-alerts/cpuapr2022.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

21.7%

JSON

Related for GHSA-P265-XR98-3VMR