CVE-2017-1000243

Missing Authorization in maven/org.jvnet.hudson.plugins/favorite

Identifiers

GHSA-268v-2qq7-84pf, CVE-2017-1000243

Package Slug

maven/org.jvnet.hudson.plugins/favorite

Vulnerability

Missing Authorization

Description

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

Affected Versions

All versions before 2.3.0

Solution

Upgrade to version 2.3.0 or above.

Last Modified

2024-01-31

source