CVE-2017-2611

EPSS 0.29%
Veröffentlicht 08.05.2018 18:29:00
Zuletzt bearbeitet 21.11.2024 03:23:49
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jenkins ≫ Jenkins SwEditionlts Version < 2.32.2

Jenkins ≫ Jenkins Version < 2.44

Redhat ≫ Openshift Version2.0 SwEditionenterprise

Redhat ≫ Openshift Version3.0 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.524

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
secalert@redhat.com	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://jenkins.io/security/advisory/2017-02-01/

Vendor Advisory

http://www.securityfocus.com/bid/95956

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611

Third Party Advisory

Issue Tracking

https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-2611

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2611

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2611

EUVD