4.3

CVE-2017-2611

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JenkinsJenkins SwEditionlts Version < 2.32.2
JenkinsJenkins Version < 2.44
RedhatOpenshift Version2.0 SwEditionenterprise
RedhatOpenshift Version3.0 SwEditionenterprise
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.07% 0.79
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
secalert@redhat.com 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://jenkins.io/security/advisory/2017-02-01/
Vendor Advisory
http://www.securityfocus.com/bid/95956
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611
Third Party Advisory
Issue Tracking
https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86
Third Party Advisory