Jenkins Build Step Plugin fails to check Item/Build permission

2022-05-1301:40:54

Google

osv.dev

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.5%

JSON

Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.

CPENameOperatorVersion
org.jenkins-ci.plugins:pipeline-build-stepeq2.3
org.jenkins-ci.plugins:pipeline-build-stepeq2.1
org.jenkins-ci.plugins:pipeline-build-stepeq2.4
org.jenkins-ci.plugins:pipeline-build-stepeq2.0
org.jenkins-ci.plugins:pipeline-build-stepeq2.2
org.jenkins-ci.plugins:pipeline-build-stepeq2.5

Name	Operator	Version
org.jenkins-ci.plugins:pipeline-build-step	eq	2.3
org.jenkins-ci.plugins:pipeline-build-step	eq	2.1
org.jenkins-ci.plugins:pipeline-build-step	eq	2.4
org.jenkins-ci.plugins:pipeline-build-step	eq	2.0
org.jenkins-ci.plugins:pipeline-build-step	eq	2.2
org.jenkins-ci.plugins:pipeline-build-step	eq	2.5