GHSA-vhh3-mvc4-hhq6, CVE-2017-1000388
maven/org.jenkins-ci.plugins/depgraph-view
Missing Authorization
Jenkins Dependency Graph Viewer plugin 0.12 and earlier does not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data.
All versions up to 0.12
Upgrade to version 0.13 or above.
2024-01-31
source |