Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin
Moderate severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Sep 11, 2023
Package
Affected versions
<= 2.14
Patched versions
2.15
Description
Published by the National Vulnerability Database
Jul 31, 2019
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Jun 28, 2022
Last updated
Sep 11, 2023
Credits
-
dbolkensteyn Analyst
A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.
References