CVE-2017-1000242

Description

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure

Affected packages (1)

• Maven/org.jenkins-ci.plugins:git-clientfrom 0, < 2.4.3

CVSS scores

References (5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000242
• PATCHhttps://github.com/jenkinsci/git-client-plugin
• WEBhttps://github.com/jenkinsci/git-client-plugin/commit/75ea3fe05650fc6ca09046a72493e2b3f066fb98
• WEBhttps://jenkins.io/security/advisory/2017-04-27
• WEBhttp://www.securityfocus.com/bid/101940