com.synopsys.jenkinsci:ownership

vulnerable: 0.1.0 ... 0.9.1 (16 versions)

An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Comp…

vulnerable: 0.1.0 ... 0.9.1 (19 versions)

Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

vulnerable: 0.1.0 ... 0.9.1 (19 versions)

A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.

vulnerable: 0.1.0 ... 0.9.1 (19 versions)

A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.

vulnerable: 0.1.0 ... 0.9.1 (19 versions)

A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.