GHSA-268v-2qq7-84pf, CVE-2017-1000243
maven/org.jvnet.hudson.plugins/favorite
Missing Authorization
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites
All versions before 2.3.0
Upgrade to version 2.3.0 or above.
2024-01-31
source |