CVE-2017-2598

描述

Jenkins before versions 2.44 and 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

受影響套件(1)

• Maven/org.jenkins-ci.main:jenkins-corefrom 0, < 2.32.2

CVSS 分數

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-2598
• PATCHhttps://github.com/jenkinsci/jenkins
• WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598
• WEBhttps://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b
• WEBhttps://jenkins.io/security/advisory/2017-02-01