Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin

Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to configure the plugin. Implied Labels Plugin 0.7 requires Overall/Administer permission to configure the plugin...

CVE-2020-2282

Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin...

Design/Logic Flaw

Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin...

CVE-2020-2282

CVE-2020-2282 affects Jenkins’ Implied Labels Plugin (versions ≤ 0.6). The issue is a missing permission check on an HTTP endpoint, which allows attackers with Overall/Read permission to reconfigure the plugin. The problem is fixed in version 0.7, which enforces that only users with Overall/Admin...

CVE-2020-2282

Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin...

PT-2020-15511 · Jenkins · Jenkins Implied Labels Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Implied Labels Plugin versions 0.6 and earlier Description: The issue arises from a lack of permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. This is resolved in version 0.7...