{"id":"CVE-2017-1000089","details":"Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.","aliases":["GHSA-8jx9-7j5m-79x4"],"modified":"2026-03-14T09:23:37.266521Z","published":"2017-10-05T01:29:03.667Z","references":[{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2017-07-10/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/pipeline-build-step-plugin","events":[{"introduced":"0"},{"last_affected":"7ae8bc8b5e232c830f83e02b4c8bc4a4df00067d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.5"}]}}],"versions":["pipeline-build-step-2.0","pipeline-build-step-2.1","pipeline-build-step-2.2","pipeline-build-step-2.3","pipeline-build-step-2.4","pipeline-build-step-2.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000089.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}