CVE-2017-2599

EPSS 0.16%
Veröffentlicht 11.04.2018 16:29:00
Zuletzt bearbeitet 21.11.2024 03:23:48
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jenkins ≫ Jenkins SwEditionlts Version < 2.32.2

Jenkins ≫ Jenkins Version < 2.44

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.38

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N
secalert@redhat.com	5.4	2.8	2.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://jenkins.io/security/advisory/2017-02-01/

Vendor Advisory

http://www.securityfocus.com/bid/95949

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599

Third Party Advisory

Issue Tracking

https://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338f366853ce89

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-2599

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2599

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2599

EUVD