Vulnerabilities > CVE-2017-1000388 - Missing Authorization vulnerability in Jenkins Dependency Graph Viewer

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

jenkins

CWE-862

NVD

Published: 2018-01-26

Updated: 2020-08-24

Summary

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Dependency Graph Viewer 0.1 Jenkins Dependency Graph Viewer 0.2 Jenkins Dependency Graph Viewer 0.3 Jenkins Dependency Graph Viewer 0.4 Jenkins Dependency Graph Viewer 0.5 Jenkins Dependency Graph Viewer 0.6 Jenkins Dependency Graph Viewer 0.7 Jenkins Dependency Graph Viewer 0.8 Jenkins Dependency Graph Viewer 0.9 Jenkins Dependency Graph Viewer 0.10 Jenkins Dependency Graph Viewer 0.11 Jenkins Dependency Graph Viewer 0.12	12

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://jenkins.io/security/advisory/2017-10-23/