2 matches found
CVE-2019-10377
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...
CVE-2019-10377
CVE-2019-10377 affects Jenkins Avatar Plugin versions 1.2 and earlier. The root cause is a missing permission check, which allows attackers with Overall/Read access to change the avatar of any Jenkins user. The consequence is unauthorized modification of user avatars, under the stated access leve...