Vulnerability Details CVE-2017-1000243
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.2%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2017-1000243
-
cpe:2.3:a:jenkins:favorite_plugin:1.0
-
cpe:2.3:a:jenkins:favorite_plugin:1.1
-
cpe:2.3:a:jenkins:favorite_plugin:1.10
-
cpe:2.3:a:jenkins:favorite_plugin:1.11
-
cpe:2.3:a:jenkins:favorite_plugin:1.12
-
cpe:2.3:a:jenkins:favorite_plugin:1.13
-
cpe:2.3:a:jenkins:favorite_plugin:1.14
-
cpe:2.3:a:jenkins:favorite_plugin:1.15
-
cpe:2.3:a:jenkins:favorite_plugin:1.16
-
cpe:2.3:a:jenkins:favorite_plugin:1.2
-
cpe:2.3:a:jenkins:favorite_plugin:1.3
-
cpe:2.3:a:jenkins:favorite_plugin:1.4
-
cpe:2.3:a:jenkins:favorite_plugin:1.5
-
cpe:2.3:a:jenkins:favorite_plugin:1.6
-
cpe:2.3:a:jenkins:favorite_plugin:1.7
-
cpe:2.3:a:jenkins:favorite_plugin:1.8
-
cpe:2.3:a:jenkins:favorite_plugin:1.9
-
cpe:2.3:a:jenkins:favorite_plugin:2.0
-
cpe:2.3:a:jenkins:favorite_plugin:2.0.1
-
cpe:2.3:a:jenkins:favorite_plugin:2.0.2
-
cpe:2.3:a:jenkins:favorite_plugin:2.0.3
-
cpe:2.3:a:jenkins:favorite_plugin:2.0.4
-
cpe:2.3:a:jenkins:favorite_plugin:2.1.0
-
cpe:2.3:a:jenkins:favorite_plugin:2.1.4