CVE-2017-1000243

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:favorite_plugin:*:*:*:*:*:jenkins:*:*

History

21 Nov 2024, 03:04

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/101946 - () http://www.securityfocus.com/bid/101946 -
References () https://jenkins.io/security/advisory/2017-06-06/ - Vendor Advisory () https://jenkins.io/security/advisory/2017-06-06/ - Vendor Advisory

Information

Published : 2017-11-01 13:29

Updated : 2024-11-21 03:04


NVD link : CVE-2017-1000243

Mitre link : CVE-2017-1000243

CVE.ORG link : CVE-2017-1000243


JSON object : View

Products Affected

jenkins

  • favorite_plugin
CWE
CWE-862

Missing Authorization