CVE-2018-1000015

Missing Authorization in maven/org.jenkins-ci.plugins.workflow/workflow-durable-task-step

Identifiers

GHSA-9r7f-rqhw-j8h8, CVE-2018-1000015

Package Slug

maven/org.jenkins-ci.plugins.workflow/workflow-durable-task-step

Vulnerability

Missing Authorization

Description

On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This does not prevent the execution of Pipeline node blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier.

Affected Versions

All versions up to 2.17

Solution

Upgrade to version 2.18 or above.

Last Modified

2024-01-31

source