Incorrect permission checks in Pipeline: Nodes and Processes plugin

2022-05-1301:18:43

Google

osv.dev

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline node blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier.

CPENameOperatorVersion
org.jenkins-ci.plugins.workflow:workflow-durable-task-stepeq1.15
org.jenkins-ci.plugins.workflow:workflow-durable-task-stepeq2.11
org.jenkins-ci.plugins.workflow:workflow-durable-task-stepeq2.8
org.jenkins-ci.plugins.workflow:workflow-durable-task-stepeq1.4.2
org.jenkins-ci.plugins.workflow:workflow-durable-task-stepeq2.2
org.jenkins-ci.plugins.workflow:workflow-durable-task-stepeq2.5
org.jenkins-ci.plugins.workflow:workflow-durable-task-stepeq0.1-beta-4
org.jenkins-ci.plugins.workflow:workflow-durable-task-stepeq1.12-beta-2
org.jenkins-ci.plugins.workflow:workflow-durable-task-stepeq2.14
org.jenkins-ci.plugins.workflow:workflow-durable-task-stepeq1.10.1

Name	Operator	Version
org.jenkins-ci.plugins.workflow:workflow-durable-task-step	eq	1.15
org.jenkins-ci.plugins.workflow:workflow-durable-task-step	eq	2.11
org.jenkins-ci.plugins.workflow:workflow-durable-task-step	eq	2.8
org.jenkins-ci.plugins.workflow:workflow-durable-task-step	eq	1.4.2
org.jenkins-ci.plugins.workflow:workflow-durable-task-step	eq	2.2
org.jenkins-ci.plugins.workflow:workflow-durable-task-step	eq	2.5
org.jenkins-ci.plugins.workflow:workflow-durable-task-step	eq	0.1-beta-4
org.jenkins-ci.plugins.workflow:workflow-durable-task-step	eq	1.12-beta-2
org.jenkins-ci.plugins.workflow:workflow-durable-task-step	eq	2.14
org.jenkins-ci.plugins.workflow:workflow-durable-task-step	eq	1.10.1