Improper Blacklisting Vulnerability in Jenkins by CloudBees
CVE-2017-2602

3.1LOW

Key Information:

Vendor

[unknown]

Status
Jenkins
Vendor
CVE Published:
15 May 2018

What is CVE-2017-2602?

An improper blacklisting issue exists in Jenkins that affects the agent-to-master security subsystem. Versions before 2.44, including 2.32.2, may allow malicious agents to write unauthorized Pipeline metadata files. This could lead to exposure of sensitive data or manipulation of the build process. It is crucial for users to upgrade to the latest versions to mitigate any potential risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

jenkins jenkins 2.44

jenkins jenkins 2.32.2

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2602
x_refsource_CONFIRM
https://jenkins.io/security/advisory/2017-02-01/
x_refsource_CONFIRM
https://github.com/jenkinsci/jenkins/commit/414ff7e30aba6...
x_refsource_CONFIRM

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.