- Bug
- Resolution: Won't Do
- Blocker
- None
Since version 4.0.0 of the plugin "OWASP Dependency-Check" in every project using quartz, we see the following vulnerability:
/WEB-INF/lib/quartz-2.3.0.jar , CVE-2017-2604 , Severity: Medium
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative
monitors due to them not being consistently protected by permission checks (SECURITY-371).
These projects do not use Jenkins dependencies.
Workaround: downgrade plugin to 3.3.4.