2 matches found
io.jenkins.blueocean:blueocean (>=1.0-alpha-1 <=1.27.25), io.jenkins.blueocean:blueocean-bitbucket-pipeline (>=1.27.17 <=1.27.25) +10 more potentially affected by CVE-2017-1000243 via org.jvnet.hudson.plugins:favorite (>=1.16 <=2.225.v68765b_b_a_1fa_3)
org.jvnet.hudson.plugins:favorite MAVEN version =1.16, =1.0-alpha-1, =1.27.17, =1.0.0, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-4, =1.0-alpha-1, =0.1, =1.0.0 Source cves: CVE-2017-1000243 Source advisory: OSV:GHSA-268V-2QQ7-84PF...
CVE-2017-1000243
Jenkins Favorite Plugin (up to 2.1.x) contains a permissions check flaw that allows any user to modify another user’s favorites. This is described across multiple sources as a lack of privilege validation when changing favorite status, enabling unauthorized changes via the affected plugin. The vu...