GHSA-5532-prrf-rf5x, CVE-2017-1000403
maven/org.jvnet.hudson.plugins/speaks
Incorrect Permission Assignment for Critical Resource
Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.
All versions up to 0.1.1
Unfortunately, there is no solution available yet.
2024-01-31
source |