Unauthenticated Build Triggering Vulnerability in Jenkins Pipeline: Build Step Plugin

Unauthenticated Build Triggering Vulnerability in Jenkins Pipeline: Build Step Plugin

CVE-2017-1000089 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.

Learn more about our Web Application Penetration Testing UK.