CVE-2017-1000084

EPSS 0.04%
Published 05.10.2017 01:29:03
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Jenkins ≫ Parameterized Trigger Version1.0 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version1.1 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version1.2 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version1.3 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version1.4 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version1.5 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version1.6 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.0 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.1 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.2 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.3 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.4 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.5 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.6 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.7 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.8 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.9 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.10 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.11 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.12 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.13 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.14 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.15 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.16 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.17 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.18 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.19 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.20 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.21 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.22 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.23 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.24 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.25 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.26 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.27 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.28 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.29 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.30 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.31 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.32 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.33 SwPlatformjenkins

Jenkins ≫ Parameterized Trigger Version2.34 SwPlatformjenkins

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.081

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://jenkins.io/security/advisory/2017-07-10/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-1000084

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-1000084

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-1000084

EUVD