CVE-2018-1000114
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes
4.3
MEDIUM
CVSS 3.1
EPSS 0.03%
Description
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.
How to fix CVE-2018-1000114
To remediate CVE-2018-1000114, upgrade the affected package to a fixed version below.
- —upgrade to 3.0 or later
Is CVE-2018-1000114 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |