4 matches found
org.jenkins-ci.plugins:vectorcast-execution (>=0.16 <=0.61), org.zeroturnaround.jenkins:build-flow-test-aggregator (>=1.1 <=1.2) potentially affected by CVE-2017-1000390 via org.jenkins-ci.plugins:jenkins-multijob-plugin (>=1.16 <=1.21)
org.jenkins-ci.plugins:jenkins-multijob-plugin MAVEN version =1.16, =0.16, =1.1, =1.2 Source cves: CVE-2017-1000390 Source advisory: OSV:GHSA-P9R2-GGHQ-HC57...
CVE-2017-1000390
Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build...
CVE-2017-1000390
Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build...
CVE-2017-1000390
The CVE-2017-1000390 entry concerns the Jenkins Multijob plugin where versions up to 1.25 did not enforce permissions for the Resume Build action. This allowed anyone with Job/Read permission to resume a build, representing a security bypass of build control. Affected component: Jenkins Multijob ...