Vulnerabilities > CVE-2018-1000107 - Incorrect Authorization vulnerability in Jenkins JOB and Node Ownership

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

jenkins

CWE-863

NVD

Published: 2018-03-13

Updated: 2019-10-03

Summary

An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins JOB AND Node Ownership 0.1.0 Jenkins JOB AND Node Ownership 0.2.0 Jenkins JOB AND Node Ownership 0.2.1 Jenkins JOB AND Node Ownership 0.3 Jenkins JOB AND Node Ownership 0.4 Jenkins JOB AND Node Ownership 0.5 Jenkins JOB AND Node Ownership 0.5.1 Jenkins JOB AND Node Ownership 0.6 Jenkins JOB AND Node Ownership 0.7 Jenkins JOB AND Node Ownership 0.8 Jenkins JOB AND Node Ownership 0.9.0 Jenkins JOB AND Node Ownership 0.9.1 Jenkins JOB AND Node Ownership 0.10.0 Jenkins JOB AND Node Ownership 0.11.0	15

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-498