A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.

Affected Packages

Maven com.synopsys.jenkinsci:ownership

Affected versions: 0 (last affected: 0.13.0)

Related CVEs

CVE-2022-28151

Key Information

GHSA ID

GHSA-25f2-wgxj-ph29

Published

March 30, 2022 12:00 AM

Last Modified

November 30, 2022 8:53 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.synopsys.jenkinsci:ownership

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.