Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| io.jenkins.plugins:warnings-ng(Maven) | 0 | 8.5.0 | N/A |
CVSS Metrics
