Description
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Jenkins Project / Jenkins Pipeline: Groovy Plugin0 – 3975.v567e2a_1ffa_22
- Jenkins Project / Jenkins Pipeline: Groovy Plugin3990.vd281dd77a_388 – 3990.vd281dd77a_388