[Forgot Password]
Login  Register Subscribe

25354

 
 

132804

 
 

134312

 
 

909

 
 

108836

 
 

152

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-2611Date: (C)2018-05-10   (M)2019-11-16


Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 4.3CVSS Score : 4.0
Exploit Score: 2.8Exploit Score: 8.0
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication:
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: LOW 
  
Reference:
BID-95956
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611
https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86
https://jenkins.io/security/advisory/2017-02-01/

CPE    705
cpe:/a:jenkins:jenkins:1.290
cpe:/a:jenkins:jenkins:1.291
cpe:/a:jenkins:jenkins:1.285
cpe:/a:jenkins:jenkins:1.286
...
CWE    1
CWE-269
OVAL    2
oval:org.secpod.oval:def:55966
oval:org.secpod.oval:def:55605

© SecPod Technologies