4.3
CVE-2017-1000087
- EPSS 0.02%
- Published 05.10.2017 01:29:03
- Last modified 20.04.2025 01:37:25
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.
Data is provided by the National Vulnerability Database (NVD)
Jenkins ≫ Github Branch Source SwPlatformjenkins Version <= 2.0.7
Jenkins ≫ Github Branch Source Version0.1 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version0.1 Updatebeta-2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version0.1 Updatebeta-3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version0.1 Updatebeta-4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.0 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.4 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.5 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.6 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.7 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.8 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.8.1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.9 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.10 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.0 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.0 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.0 Updatebeta-2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-5 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-6 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.4 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.5 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.6 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatealpha-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatealpha-2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatealpha-3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatealpha-4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatebeta-1 SwPlatformjenkins
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.036 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.