[MAVEN:GHSA-7RX6-4VWV-432G] Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds

Severity Moderate
Affected Packages 2
Fixed Packages 2
CVEs 1

Jenkins CloudBees CD Plugin does not perform a permission check in an HTTP endpoint.

This allows attackers with Item/Read permission to schedule builds of projects without having Item/Build permission.

In the fixed releases, Jenkins CloudBees CD Plugin requires Item/Build permission to schedule builds via its HTTP endpoint.

ID: MAVEN:GHSA-7RX6-4VWV-432G
Severity: moderate
URL: https://github.com/advisories/GHSA-7rx6-4vwv-432g
Published: 2022-05-24T17:48:06 (2 years ago)
Modified: 2023-12-15T17:04:36 (9 months ago)
Rights: Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.jenkins-ci.plugins/electricflow | org.jenkins-ci.plugins | electricflow | >= 1.1.19 < 1.1.22 | | | |
| Fixed | pkg:maven/org.jenkins-ci.plugins/electricflow | org.jenkins-ci.plugins | electricflow | = 1.1.22 | | | |
| Affected | pkg:maven/org.jenkins-ci.plugins/electricflow | org.jenkins-ci.plugins | electricflow | < 1.1.18.1 | | | |
| Fixed | pkg:maven/org.jenkins-ci.plugins/electricflow | org.jenkins-ci.plugins | electricflow | = 1.1.18.1 | | | |