CVE-2017-1000388

Missing Authorization in maven/org.jenkins-ci.plugins/depgraph-view

Identifiers

GHSA-vhh3-mvc4-hhq6, CVE-2017-1000388

Package Slug

maven/org.jenkins-ci.plugins/depgraph-view

Vulnerability

Missing Authorization

Description

Jenkins Dependency Graph Viewer plugin 0.12 and earlier does not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data.

Affected Versions

All versions up to 0.12

Solution

Upgrade to version 0.13 or above.

Last Modified

2024-01-31

source