Description
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected products
- Unknown / jenkinsjenkins 2.44 – jenkins 2.44
- Unknown / jenkinsjenkins 2.32.2 – jenkins 2.32.2