Repository Configuration Vulnerability in Jenkins Blue Ocean Plugin
CVE-2017-1000110
4.3MEDIUM
What is CVE-2017-1000110?
The Blue Ocean plugin for Jenkins contains a vulnerability that arises from improper authentication and authorization checks when configuring GitHub organization folders. This flaw permits users with merely read access to the folder to alter configurations, potentially redirecting GitHub API requests to malicious servers. This could allow an attacker to capture sensitive information such as GitHub access tokens, posing significant security risks to the CI/CD pipelines associated with the affected GitHub organizations.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability Reserved
Vulnerability published