Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user ID for their name without additional escaping, potentially resulting in problems like overwriting of unrelated configuration files.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101773 | Third Party Advisory VDB Entry |
https://jenkins.io/security/advisory/2017-11-08/ | Vendor Advisory |
http://www.securityfocus.com/bid/101773 | Third Party Advisory VDB Entry |
https://jenkins.io/security/advisory/2017-11-08/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/101773 - Third Party Advisory, VDB Entry | |
References | () https://jenkins.io/security/advisory/2017-11-08/ - Vendor Advisory |
Information
Published : 2018-01-26 02:29
Updated : 2024-11-21 03:04
NVD link : CVE-2017-1000391
Mitre link : CVE-2017-1000391
CVE.ORG link : CVE-2017-1000391
JSON object : View
Products Affected
jenkins
- jenkins
CWE
CWE-20
Improper Input Validation