CVE-2018-1000107

MEDIUM Year: 2018
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.

Related Vulnerabilities

CVE-2009-2213

MEDIUM
CVSS:6.5(Medium)

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Author...

CWE-8632009

CVE-2011-3617

MEDIUM
CVSS:6.5(Medium)

Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.

CWE-8632011

CVE-2014-0169

MEDIUM
CVSS:6.5(Medium)

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to acce...

CWE-8632014

CVE-2015-1780

MEDIUM
CVSS:6.5(Medium)

oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center

CWE-8632015

CVE-2016-3131

MEDIUM
CVSS:6.5(Medium)

Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.

CWE-8632016

CVE-2016-6353

MEDIUM
CVSS:6.5(Medium)

Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.

CWE-8632016