GHSA-5xv9-gp22-gqm5
GitHub Security Advisory
Missing permission checks in Jenkins Maven Cascade Release Plugin
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.
Affected Packages
Maven
com.barchart.jenkins:maven-release-cascade
Affected versions:
0
(last affected: 1.3.2)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: August 25, 2025 6:33 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.