Medium severity4.3NVD Advisory· Published Nov 1, 2017· Updated May 13, 2026

CVE-2017-1000243

Description

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jvnet.hudson.plugins:favoriteMaven	< 2.3.0	2.3.0

Affected products

Jenkins/Favorite Plugin
cpe:2.3:a:jenkins:favorite_plugin:*:*:*:*:*:jenkins:*:*
Range: <=2.1.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-268v-2qq7-84pfghsaADVISORY
jenkins.io/security/advisory/2017-06-06/nvdVendor Advisory
nvd.nist.gov/vuln/detail/CVE-2017-1000243ghsaADVISORY
www.securityfocus.com/bid/101946nvdWEB
jenkins.io/security/advisory/2017-06-06ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000