1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-1073

[JENKINS:SECURITY-1073] Missing permission check in `global-post-script` allowed obtaining configuration data

Severity Medium
Affected Packages 2
CVEs 1
Info Packages References Vulnerabilities

global-post-script does not perform permission checks on a method implementing form validation.
This allows users with Overall/Read permission to list the files contained in $JENKINS_HOME/global-post-script that can be used by the plugin.

As of publication of this advisory, there is no fix.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/global-post-script <= 1.1.4
pkg:github/jenkinsci/global-post-script-plugin <= 1.1.4
ID
JENKINS:SECURITY-1073
Severity
medium
Published
2019-10-23T00:00:00
(4 years ago)
Modified
2019-10-23T00:00:00
(4 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository global-post-script repository https://github.com/jenkinsci/global-post-script-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/global-post-script org.jenkins-ci.plugins global-post-script <= 1.1.4
Affected pkg:github/jenkinsci/global-post-script-plugin jenkinsci global-post-script-plugin <= 1.1.4
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date