CVE-2017-2611

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*

History

No history.

Information

Published : 2018-05-08 18:29

Updated : 2024-02-28 16:25


NVD link : CVE-2017-2611

Mitre link : CVE-2017-2611

CVE.ORG link : CVE-2017-2611


JSON object : View

Products Affected

redhat

  • openshift

jenkins

  • jenkins
CWE
CWE-863

Incorrect Authorization

CWE-358

Improperly Implemented Security Check for Standard