Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.
References
Link | Resource |
---|---|
https://jenkins.io/security/advisory/2017-10-11/ | Vendor Advisory |
Configurations
Information
Published : 2018-01-25 18:29
Updated : 2019-10-02 17:03
NVD link : CVE-2017-1000403
Mitre link : CVE-2017-1000403
JSON object : View
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource
Products Affected
jenkins
- speaks\!