GHSA-mg72-h5gj-8gg7, CVE-2019-10377
maven/net.hurstfrost.jenkins/avatar
Missing Authorization
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins.
All versions before 1.2
Upgrade to version 1.2 or above.
2024-01-31
source |