A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | net.hurstfrost.jenkins:avatar | eq | 1.0 |
| | net.hurstfrost.jenkins:avatar | eq | 1.1 |
| | net.hurstfrost.jenkins:avatar | eq | 1.2 |