[MAVEN:GHSA-24W5-W6FW-QQX7] Jenkins Global Post Script Plugin missing permission check

Severity Moderate

Affected Packages 1

CVEs 1

Jenkins Global Post Script Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read permission to list the files contained in $JENKINS_HOME/global-post-script that can be used by the plugin.

Package	Affected Version
pkg:maven/org.jenkins-ci.plugins/global-post-script	<= 1.1.4

ID

MAVEN:GHSA-24W5-W6FW-QQX7

Severity

moderate

URL

https://github.com/advisories/GHSA-24w5-w6fw-qqx7

Published

2022-05-24T16:59:38
(2 years ago)

Modified

2023-10-27T15:50:45
(10 months ago)

Rights

Maven Security Team

Other Advisories

JENKINS:SECURITY-1073

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2019-10474
			https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1073
			http://www.openwall.com/lists/oss-security/2019/10/23/2
			https://github.com/jenkinsci/global-post-script-plugin/commit/6ef4d89279fe1b4c4f19f4622294893ba7f36040
			https://github.com/advisories/GHSA-24w5-w6fw-qqx7

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.jenkins-ci.plugins/global-post-script	org.jenkins-ci.plugins	global-post-script	<= 1.1.4

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date