CVE-2018-1000015

MEDIUM

Jenkins Pipeline: Nodes and Processes < 2.17 - Missing Authorization for Pipeline Node Blocks

Title source: llm
STIX 2.1

Description

On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2018-01-22/

Scores

CVSS v3 4.8
EPSS 0.0003
EPSS Percentile 10.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-862
Status published
Products (2)
jenkins/pipeline_nodes_and_processes < 2.17
org.jenkins-ci.plugins.workflow/workflow-durable-task-step 0 - 2.18Maven
Published Jan 23, 2018
Tracked Since Feb 18, 2026