Jenkins Blue Ocean Archive Item Access Vulnerability by CloudBees
CVE-2017-1000105

5.3MEDIUM

Key Information:

Vendor

Jenkins
Status
Blue Ocean
Vendor
CVE Published:
5 October 2017

What is CVE-2017-1000105?

A vulnerability in Jenkins Blue Ocean allows users with the Item/Read permission to access archived artifacts without the necessary Run/Artifacts permission check. This security flaw results from insufficient validation of user permissions when accessing certain features, potentially exposing sensitive data. Administrators are advised to review and manage user permissions to mitigate unauthorized access.

References

https://jenkins.io/security/advisory/2017-08-07/
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.