Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/95956 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611 | Issue Tracking Third Party Advisory |
https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86 | Third Party Advisory |
https://jenkins.io/security/advisory/2017-02-01/ | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-05-08 18:29
Updated : 2024-02-28 16:25
NVD link : CVE-2017-2611
Mitre link : CVE-2017-2611
CVE.ORG link : CVE-2017-2611
JSON object : View
Products Affected
redhat
- openshift
jenkins
- jenkins