CVE-2017-2611

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 03:23

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/95956 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/95956 - Third Party Advisory, VDB Entry
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611 - Issue Tracking, Third Party Advisory
References () https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86 - Third Party Advisory () https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86 - Third Party Advisory
References () https://jenkins.io/security/advisory/2017-02-01/ - Vendor Advisory () https://jenkins.io/security/advisory/2017-02-01/ - Vendor Advisory

Information

Published : 2018-05-08 18:29

Updated : 2024-11-21 03:23


NVD link : CVE-2017-2611

Mitre link : CVE-2017-2611

CVE.ORG link : CVE-2017-2611


JSON object : View

Products Affected

jenkins

  • jenkins

redhat

  • openshift
CWE
CWE-358

Improperly Implemented Security Check for Standard

CWE-863

Incorrect Authorization