CVE-2017-1000243
Missing permission check in Jenkins Favorite Plugin
CVSS 3.1: 4.3 (MEDIUM)
EPSS: 0.03%
Description
Jenkins Favorite Plugin up to and including 2.1.0 does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites.
How to fix CVE-2017-1000243
To remediate CVE-2017-1000243, upgrade the affected package to a fixed version below.
- Maven/org.jvnet.hudson.plugins:favorite—upgrade to 2.3.0 or later
Is CVE-2017-1000243 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.jvnet.hudson.plugins:favorite: from 0, < 2.3.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |