6.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000107

GHSA ID

GHSA-72x3-c7jc-q35x

EPSS Score

0.03792%

CWE

CWE-285

Published

5/13/2022

Updated

12/18/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-1000107

CVE-2018-1000107: Improper authorization in Jenkins Job and Node Ownership Plugin

An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in

OwnershipDescription.java, 
JobOwnerJobProperty.java, 
and OwnerNodeProperty.java

that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.

(GitHub Advisory)

6.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000107

GHSA ID

GHSA-72x3-c7jc-q35x

EPSS Score

0.03792%

CWE

CWE-285

Published

5/13/2022

Updated

12/18/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.synopsys.jenkinsci:ownership	maven	< 0.12.0	0.12.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is related to improper authorization during the deserialization of ownership descriptions. The patch introduces a checkUnsecuredConfiguration method to verify permissions, indicating that the previous version was vulnerable due to a lack of such checks. The readResolve method is directly related to deserialization and is thus identified as vulnerable.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n improp*r *ut*oriz*tion vuln*r**ility *xists in J*nkins Jo* *n* No** Own*rs*ip Plu*in *.**.* *n* **rli*r in ``` Own*rs*ip**s*ription.j*v*, Jo*Own*rJo*Prop*rty.j*v*, *n* Own*rNo**Prop*rty.j*v* ``` t**t *llow *n *tt**k*r wit* Jo*/*on*i*ur* or *om

Reasoning

T** vuln*r**ility is r*l*t** to improp*r *ut*oriz*tion *urin* t** **s*ri*liz*tion o* own*rs*ip **s*riptions. T** p*t** intro*u**s * `****kUns**ur***on*i*ur*tion` m*t*o* to v*ri*y p*rmissions, in*i**tin* t**t t** pr*vious v*rsion w*s vuln*r**l* *u* to

6.5

Basic Information

Concerned about an active attack path?

CVE-2018-1000107: Improper authorization in Jenkins Job and Node Ownership Plugin

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI