Vulnerability Details CVE-2018-1000015
On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.0%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 4.9
References
Products affected by CVE-2018-1000015
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.0
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.1
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.10
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.11
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.12
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.13
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.14
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.15
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.16
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.17
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.2
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.3
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.4
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.5
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.6
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.7
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.8
-
cpe:2.3:a:jenkins:pipeline_nodes_and_processes:2.9