CVE-2017-1000243

MEDIUM

Jenkins Favorite Plugin <2.1.4 - Privilege Escalation

Title source: llm

Description

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101946
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2017-06-06/

Scores

CVSS v3 4.3
EPSS 0.0003
EPSS Percentile 9.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-862
Status published
Products (2)
jenkins/favorite_plugin < 2.1.4
org.jvnet.hudson.plugins/favorite 0 - 2.3.0 (Maven)
Published Nov 01, 2017
Tracked Since Feb 18, 2026