CVE-2019-10377

Missing Authorization in maven/net.hurstfrost.jenkins/avatar

Identifiers

GHSA-mg72-h5gj-8gg7, CVE-2019-10377

Package Slug

maven/net.hurstfrost.jenkins/avatar

Vulnerability

Missing Authorization

Description

A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins.

Affected Versions

All versions before 1.2

Solution

Upgrade to version 1.2 or above.

Last Modified

2024-01-31

source