Publish GHSA-phf8-3qgv-rg5q

advisories/github-reviewed/2022/05/GHSA-phf8-3qgv-rg5q/GHSA-phf8-3qgv-rg5q.json

@@ -1,17 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-phf8-3qgv-rg5q",
-  "modified": "2022-11-01T23:02:55Z",
+  "modified": "2025-01-17T17:10:19Z",
   "published": "2022-05-13T01:18:20Z",
   "aliases": [
     "CVE-2017-1000105"
   ],
   "summary": "Missing Authorization in Jenkins Blue Ocean Plugin",
-  "details": "The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.",
+  "details": "The optional Run/Artifacts permission can be enabled by setting a Java system property.\n\nBlue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.\n\nBlue Ocean now correctly checks the Run/Artifacts permission if it’s enabled before providing access to artifacts.",
   "severity": [
     {
       "type": "CVSS_V3",
-      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
     }
   ],
   "affected": [