Missing permission check in Jenkins Project Inheritance Plugin

2022-05-2416:56:45

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

A missing permission check in Jenkins Project Inheritance Plugin 19.08.01 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.

CPENameOperatorVersion
hudson.plugins:project-inheritanceeq1.5.0
hudson.plugins:project-inheritanceeq1.4.8
hudson.plugins:project-inheritanceeq1.4.11.1
hudson.plugins:project-inheritanceeq1.4.9
hudson.plugins:project-inheritanceeq1.5.1
hudson.plugins:project-inheritanceeq1.4.12
hudson.plugins:project-inheritanceeq19.08.01
hudson.plugins:project-inheritanceeq1.4.10
hudson.plugins:project-inheritanceeq1.5.3
hudson.plugins:project-inheritanceeq2.0.0

Name	Operator	Version
hudson.plugins:project-inheritance	eq	1.5.0
hudson.plugins:project-inheritance	eq	1.4.8
hudson.plugins:project-inheritance	eq	1.4.11.1
hudson.plugins:project-inheritance	eq	1.4.9
hudson.plugins:project-inheritance	eq	1.5.1
hudson.plugins:project-inheritance	eq	1.4.12
hudson.plugins:project-inheritance	eq	19.08.01
hudson.plugins:project-inheritance	eq	1.4.10
hudson.plugins:project-inheritance	eq	1.5.3
hudson.plugins:project-inheritance	eq	2.0.0