Insecure File Permissions in Jenkins Git Client Plugin by Jenkins
CVE-2017-1000242

3.3LOW

Key Information:

Vendor: Jenkins
Status: Git Client
Vendor: CVE Published:; 1 November 2017

Summary

The Jenkins Git Client Plugin versions 2.4.2 and earlier are susceptible to a vulnerability where temporary files are created with insecure permissions. This misconfiguration can potentially allow unauthorized users to access sensitive information, leading to information disclosure incidents. Users of this plugin are encouraged to upgrade to the latest version to mitigate risks associated with this vulnerability.

References

http://www.securityfocus.com/bid/101940

vdb-entryx_refsource_BID

https://jenkins.io/security/advisory/2017-04-27/

x_refsource_CONFIRM

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2017
Vulnerability Reserved
Nov 1, 2017