GHSA-7j3x-xm4j-jfj7
GitHub Security Advisory
Missing permission checks in Jenkins Warnings Next Generation Plugin allow listing workspace contents
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform permission checks in methods implementing form validation.
This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. A sequence of requests can be used to effectively list workspace contents.
Jenkins Warnings Next Generation Plugin 8.5.0 requires Item/Configure permission to validate patterns with workspace contents.
Affected Packages
Maven
io.jenkins.plugins:warnings-ng
Affected versions:
0
(fixed in 8.5.0)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: July 6, 2025 6:30 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.