CVE-2017-2611

MEDIUM4.3EPSS 0.29%

Incorrect Authorization in Jenkins Core

發布日:2022/5/13修改日:2024/2/16

描述

Jenkins before versions before 2.44 are vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.

受影響套件(1)

Maven/org.jenkins-ci.main:jenkins-corefrom 0, < 2.44

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-2611
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611
WEBhttps://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86
WEBhttps://jenkins.io/security/advisory/2017-02-01
WEBhttp://www.securityfocus.com/bid/95956