Insufficient Permission Check in Jenkins by CloudBees
CVE-2017-2599

5.4MEDIUM

Key Information:

Vendor

[unknown]

Status
Jenkins
Vendor
CVE Published:
11 April 2018

What is CVE-2017-2599?

Jenkins prior to versions 2.44 and 2.32.2 is vulnerable to a flaw that allows users with permission to create new items, such as jobs, to inadvertently overwrite existing items that should be beyond their access rights. This security oversight can lead to unauthorized modifications and potential data integrity issues. Users are advised to update to the latest versions to mitigate this risk.

Affected Version(s)

jenkins jenkins 2.44

jenkins jenkins 2.32.2

References

http://www.securityfocus.com/bid/95949
vdb-entryx_refsource_BID
https://jenkins.io/security/advisory/2017-02-01/
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.