Unauthenticated Build Triggering Vulnerability in Jenkins Pipeline: Build Step Plugin
CVE-2017-1000089 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.
Learn more about our Web Application Penetration Testing UK.