Some downstream jobs links were randomly removed from its upstream job.
From the job config history, it showed the user apparently made some changes on the job config and removed the downstream jobs link, however the person does not have a permission to update the job configuration (based on project security).

The users however made some changes on other un-related jobs that he has the permission and the job config showed a correct report of what changes he made on a project that he has the permission to modify the job config.

Here is the scenarios:
Upstream project: Proj1
Downstream projects: Proj2, Proj3
User A does not have permission to modify any of Proj1, Proj2 or Proj3 job config.

User A made some job config changes on Proj4 which has no relation with Proj1, Proj2 or Proj3.
For some reason, User A appeared on the job config history on the Proj1 and the history showed that he removed the Downstream Proj2 and Proj3 (which he does not have any permission to do that).

Not sure if this is a bug related to the JobConfigHistory Plugin (ver 1.11)? or problem with the jenkins 1.404.
Could it be the same bug as reported on https://issues.jenkins-ci.org/browse/JENKINS-5265?

Any feedback is very much appreciated.

Thanks,
amargono