8

CVE-2017-1000086

EPSS 0.09%
Published 05.10.2017 01:29:03
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Jenkins ≫ Periodic Backup Version1.0 SwPlatformjenkins

Jenkins ≫ Periodic Backup Version1.1 SwPlatformjenkins

Jenkins ≫ Periodic Backup Version1.2 SwPlatformjenkins

Jenkins ≫ Periodic Backup Version1.3 SwPlatformjenkins

Jenkins ≫ Periodic Backup Version1.4 SwPlatformjenkins

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.266

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8	2.1	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://jenkins.io/security/advisory/2017-07-10/

Vendor Advisory

http://www.securityfocus.com/bid/100437

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-1000086

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-1000086

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-1000086

EUVD