4.3
CVE-2017-1000087
- EPSS 0.02%
- Veröffentlicht 05.10.2017 01:29:03
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jenkins ≫ Github Branch Source SwPlatformjenkins Version <= 2.0.7
Jenkins ≫ Github Branch Source Version0.1 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version0.1 Updatebeta-2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version0.1 Updatebeta-3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version0.1 Updatebeta-4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.0 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.4 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.5 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.6 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.7 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.8 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.8.1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.9 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.10 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.0 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.0 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.0 Updatebeta-2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-5 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-6 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.4 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.5 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.6 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatealpha-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatealpha-2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatealpha-3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatealpha-4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatebeta-1 SwPlatformjenkins
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.036 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.