
Jenkins allows attackers to execute arbitrary jobs

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Mar 5, 2024

Package

org.jenkins-ci.main:jenkins-core (Maven)

Affected versions

>= 1.533, < 1.551
< 1.532.2

Patched versions

1.551
1.532.2

Description

BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330.

References

Published by the National Vulnerability Database Oct 17, 2014
Published to the GitHub Advisory Database May 17, 2022
Reviewed Mar 5, 2024
Last updated Mar 5, 2024

Severity

Moderate

EPSS score

0.264%
(66th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2014-2058

GHSA ID

GHSA-7fpg-pp3m-h22f
