{"id":"CVE-2018-1000114","details":"An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.","aliases":["GHSA-9rx5-w522-5fh7"],"modified":"2026-03-14T02:47:17.371278Z","published":"2018-03-13T13:29:00.843Z","references":[{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/promoted-builds-plugin","events":[{"introduced":"0"},{"last_affected":"9eb455083bdf3cc058f399d34ba5f580699c8092"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.31.1"}]}}],"versions":["promoted-builds-1.11","promoted-builds-2.0","promoted-builds-2.1","promoted-builds-2.10","promoted-builds-2.11","promoted-builds-2.12","promoted-builds-2.13","promoted-builds-2.14","promoted-builds-2.15","promoted-builds-2.16","promoted-builds-2.17","promoted-builds-2.18","promoted-builds-2.19","promoted-builds-2.2","promoted-builds-2.20","promoted-builds-2.21","promoted-builds-2.22","promoted-builds-2.22-beta1","promoted-builds-2.23","promoted-builds-2.23.1","promoted-builds-2.24","promoted-builds-2.24.1","promoted-builds-2.25","promoted-builds-2.26","promoted-builds-2.27","promoted-builds-2.28","promoted-builds-2.28.1","promoted-builds-2.29","promoted-builds-2.29.1","promoted-builds-2.3","promoted-builds-2.3.1","promoted-builds-2.30","promoted-builds-2.31","promoted-builds-2.31.1","promoted-builds-2.4","promoted-builds-2.5","promoted-builds-2.6","promoted-builds-2.6.1","promoted-builds-2.6.2","promoted-builds-2.7","promoted-builds-2.8","promoted-builds-2.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000114.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}