CVE-2018-1999003 log

Source
Severity Medium
Remote Yes
Type Access restriction bypass
Description
The URLs handling cancellation of queued builds in Jenkins before 2.133 did not perform a permission check, allowing users with Overall/Read permission to cancel queued builds.
Group Package Affected Fixed Severity Status Ticket
AVG-738 jenkins 2.132-1 2.133-1 High Fixed
Date Advisory Group Package Severity Type
21 Jul 2018 ASA-201807-14 AVG-738 jenkins High multiple issues
References
https://jenkins.io/security/advisory/2018-07-18/