Unauthenticated Access to Resume Build in Jenkins Multijob Plugin

Unauthenticated Access to Resume Build in Jenkins Multijob Plugin

CVE-2017-1000390 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.

Learn more about our Web Application Penetration Testing UK.