Vulnerabilities > CVE-2018-1000015 - Missing Authorization vulnerability in Jenkins Pipeline Nodes and Processes

CVSS 4.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

jenkins

CWE-862

NVD

Published: 2018-01-23

Updated: 2020-08-24

Summary

On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Pipeline Nodes AND Processes 2.0 Jenkins Pipeline Nodes AND Processes 2.1 Jenkins Pipeline Nodes AND Processes 2.2 Jenkins Pipeline Nodes AND Processes 2.3 Jenkins Pipeline Nodes AND Processes 2.4 Jenkins Pipeline Nodes AND Processes 2.5 Jenkins Pipeline Nodes AND Processes 2.6 Jenkins Pipeline Nodes AND Processes 2.7 Jenkins Pipeline Nodes AND Processes 2.8 Jenkins Pipeline Nodes AND Processes 2.9 Jenkins Pipeline Nodes AND Processes 2.10 Jenkins Pipeline Nodes AND Processes 2.11 Jenkins Pipeline Nodes AND Processes 2.12 Jenkins Pipeline Nodes AND Processes 2.13 Jenkins Pipeline Nodes AND Processes 2.14 Jenkins Pipeline Nodes AND Processes 2.15 Jenkins Pipeline Nodes AND Processes 2.16 Jenkins Pipeline Nodes AND Processes 2.17	18

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://jenkins.io/security/advisory/2018-01-22/