CVE-2017-1000243: Missing Authorization

May 13, 2022 (updated January 30, 2024)

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user’s favorites

References

www.securityfocus.com/bid/101946
github.com/advisories/GHSA-268v-2qq7-84pf
jenkins.io/security/advisory/2017-06-06/
nvd.nist.gov/vuln/detail/CVE-2017-1000243

Detect and mitigate CVE-2017-1000243 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →