CVE-2022-34818

Missing Authorization in maven/de.einsundeins.jenkins.plugins.failedjobdeactivator/failedJobDeactivator

Identifiers

GHSA-hcjr-6jq3-392p, CVE-2022-34818

Package Slug

maven/de.einsundeins.jenkins.plugins.failedjobdeactivator/failedJobDeactivator

Vulnerability

Missing Authorization

Description

Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs.

Affected Versions

All versions up to 1.2.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-07-24

source