4.3

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000114

GHSA ID

GHSA-9rx5-w522-5fh7

EPSS Score

0.07093%

CWE

CWE-863

Published

5/13/2022

Updated

1/30/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-1000114

CVE-2018-1000114:
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.

(GitHub Advisory)

4.3

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000114

GHSA ID

GHSA-9rx5-w522-5fh7

EPSS Score

0.07093%

CWE

CWE-863

Published

5/13/2022

Updated

1/30/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:promoted-builds	maven	<= 2.31.1	3.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing authorization checks in promotion approval/execution flows. Status.java handles promotion actions via doApprove()/doRestart() endpoints, while ManualCondition.java governs approval logic. The advisory specifically calls out these files and describes missing permission checks for users with only Job.Read access. The functions identified are the entry points for promotion operations that lacked proper security controls in vulnerable versions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n improp*r *ut*oriz*tion vuln*r**ility *xists in J*nkins Promot** *uil*s Plu*in *.**.* *n* **rli*r in St*tus.j*v* *n* M*nu*l*on*ition.j*v* t**t *llow *n *tt**k*r wit* r*** ****ss to jo*s to p*r*orm promotions.

Reasoning

T** vuln*r**ility st*ms *rom missin* *ut*oriz*tion ****ks in promotion *pprov*l/*x**ution *lows. `St*tus.j*v*` **n*l*s promotion **tions vi* `*o*pprov*()`/`*oR*st*rt()` *n*points, w*il* `M*nu*l*on*ition.j*v*` *ov*rns *pprov*l lo*i*. T** **visory sp**

4.3

Basic Information

Concerned about an active attack path?

CVE-2018-1000114: Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2018-1000114:
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes

Vulnerability Intelligence
Miggo AI