Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/95956 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611 | Issue Tracking Third Party Advisory |
https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86 | Third Party Advisory |
https://jenkins.io/security/advisory/2017-02-01/ | Vendor Advisory |
http://www.securityfocus.com/bid/95956 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611 | Issue Tracking Third Party Advisory |
https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86 | Third Party Advisory |
https://jenkins.io/security/advisory/2017-02-01/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:23
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/95956 - Third Party Advisory, VDB Entry | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611 - Issue Tracking, Third Party Advisory | |
References | () https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86 - Third Party Advisory | |
References | () https://jenkins.io/security/advisory/2017-02-01/ - Vendor Advisory |
Information
Published : 2018-05-08 18:29
Updated : 2024-11-21 03:23
NVD link : CVE-2017-2611
Mitre link : CVE-2017-2611
CVE.ORG link : CVE-2017-2611
JSON object : View
Products Affected
jenkins
- jenkins
redhat
- openshift