GHSA-6xhf-xx3j-75f5
GitHub Security Advisory
Incorrect Authorization in Jenkins requests-plugin
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. requests-plugin Plugin 2.2.17 requires Overall/Administer permission to view the list of pending requests.
This is basically the same vulnerability as [SECURITY-1995](https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-1995), whose fix was ineffective.
Affected Packages
Maven: org.jenkins-ci.plugins:requests
Affected versions: 0 (fixed in 2.2.17)
Related CVEs
Key Information
5.0/10
Dataset
Last updated: July 5, 2025 6:26 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.