[MAVEN:GHSA-MC22-25R3-2W9W] Parameterized Trigger Plugin fails to check Item/Build permission

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. The plugin has been adapted to now check for Item/Build permission before triggering a downstream build.

Package	Affected Version
pkg:maven/org.jenkins-ci.plugins/parameterized-trigger	< 2.35.1

Package	Fixed Version
pkg:maven/org.jenkins-ci.plugins/parameterized-trigger	= 2.35.1

ID: MAVEN:GHSA-MC22-25R3-2W9W
Severity: moderate
URL: https://github.com/advisories/GHSA-mc22-25r3-2w9w
Published: 2022-05-13T01:40:56
(2 years ago)
Modified: 2024-01-03T10:38:53
(8 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2017-1000084
			https://jenkins.io/security/advisory/2017-07-10/
			https://github.com/jenkinsci/parameterized-trigger-plugin/pull/114
			https://issues.jenkins.io/browse/JENKINS-45471
			https://github.com/fbelzunc/parameterized-trigger-plugin/commit/345d54f8f031bef68ecb6fd4e7eee0be720162e4
			https://github.com/advisories/GHSA-mc22-25r3-2w9w

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.jenkins-ci.plugins/parameterized-trigger	org.jenkins-ci.plugins	parameterized-trigger	< 2.35.1
Fixed	pkg:maven/org.jenkins-ci.plugins/parameterized-trigger	org.jenkins-ci.plugins	parameterized-trigger	= 2.35.1

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date