CVE-2018-1999004 - log

CVE-2018-1999004 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ The URL that initiates agent launches on the Jenkins master before 2.133 did not perform a permission check, allowing users with Overall/Read permission to initiate agent launches.
+ Doing so canceled all ongoing launches for the specified agent, so this allowed attackers to prevent an agent from launching indefinitely.
References
+ https://jenkins.io/security/advisory/2018-07-18/
Notes