Repository Configuration Vulnerability in Jenkins Blue Ocean Plugin
CVE-2017-1000110

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Blue Ocean
Vendor: CVE Published:; 5 October 2017

Summary

The Blue Ocean plugin for Jenkins contains a vulnerability that arises from improper authentication and authorization checks when configuring GitHub organization folders. This flaw permits users with merely read access to the folder to alter configurations, potentially redirecting GitHub API requests to malicious servers. This could allow an attacker to capture sensitive information such as GitHub access tokens, posing significant security risks to the CI/CD pipelines associated with the affected GitHub organizations.

References

https://jenkins.io/security/advisory/2017-08-07/

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 5, 2017