Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13ajVjLWo2NTYtaDVmd84AARcr
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
In Jenkins before versions 2.44 and 2.32.2, node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).
Permalink: https://github.com/advisories/GHSA-wj5c-j656-h5fwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13ajVjLWo2NTYtaDVmd84AARcr
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-wj5c-j656-h5fw, CVE-2017-2600
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-2600
- https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600
- https://jenkins.io/security/advisory/2017-02-01/
- https://github.com/advisories/GHSA-wj5c-j656-h5fw
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: >= 2.34, <= 2.43, <= 2.32.1Fixed in: 2.44, 2.32.2