CVE-2017-1000403

Incorrect Permission Assignment for Critical Resource in maven/org.jvnet.hudson.plugins/speaks

Identifiers

GHSA-5532-prrf-rf5x, CVE-2017-1000403

Package Slug

maven/org.jvnet.hudson.plugins/speaks

Vulnerability

Incorrect Permission Assignment for Critical Resource

Description

Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.

Affected Versions

All versions up to 0.1.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2024-01-31

source