CVE-2017-1000388

CVSS v3.0 4.3 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.05 % (22^th)

Affected Products 1

Advisories 1

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data.

Weaknesses

CWE-862: Missing Authorization

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-01-26 02:29:00
(6 years ago)
Updated Date: 2020-08-24 17:37:01
(4 years ago)

Affected Products

Jenkins

Dependency Graph Viewer

Configuration #1

		CPE23	From	Up To
	Jenkins Dependency Graph Viewer for Jenkins 0.12 and prior versions	cpe:2.3:a:jenkins:dependency_graph_viewer::::::jenkins		<= 0.12