CVE-2018-1999004 log

Severity Medium
Remote Yes
Type Access restriction bypass
The URL that initiates agent launches on the Jenkins master before 2.133 did not perform a permission check, allowing users with Overall/Read permission to initiate agent launches.
Doing so canceled all ongoing launches for the specified agent, so this allowed attackers to prevent an agent from launching indefinitely.
Group Package Affected Fixed Severity Status Ticket
AVG-738 jenkins 2.132-1 2.133-1 High Fixed
Date Advisory Group Package Severity Type
21 Jul 2018 ASA-201807-14 AVG-738 jenkins High multiple issues