Permission Misconfiguration in Jenkins Subversion Plugin
CVE-2017-1000085

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Subversion
Vendor: CVE Published:; 4 October 2017

Summary

The Jenkins Subversion Plugin connects to a user-defined Subversion repository during form validation which can lead to improper permission checks. This vulnerability enables users with limited permissions (Item/Build) to access both web and Subversion servers, potentially exposing sensitive credentials due to the lack of required POST requests. Attackers could exploit this weakness via Cross-Site Request Forgery attacks, further compromising the integrity of the system.

References

http://www.securityfocus.com/bid/99574

vdb-entryx_refsource_BID

https://jenkins.io/security/advisory/2017-07-10/

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 4, 2017
Vulnerability Reserved
Jul 13, 2017