Attackers Can Trigger Builds with Item/Read Permission

CVE-2024-28159
Currently unrated 🤨

Key Information

Vendor
Jenkins
Status
Jenkins Subversion Partial Release Manager Plugin
Vendor
CVE Published:
6 March 2024

Summary

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.

Affected Version(s)

Jenkins Subversion Partial Release Manager Plugin <= 1.0.1

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.