Authorization Flaw in Jenkins Affects JDK Download Credentials
CVE-2017-2612

5.4MEDIUM

Key Information:

Vendor: [unknown]
Status: Jenkins
Vendor: CVE Published:; 15 May 2018

🔔 Create [unknown] Vulnerability Alert

What is CVE-2017-2612?

In Jenkins, prior to versions 2.44 and 2.32.2, an authorization flaw existed that allowed low privilege users to override JDK download credentials. This vulnerability may lead to scenarios where future builds could fail due to the inability to download necessary JDK files, disrupting build processes and jeopardizing software development workflows.

Affected Version(s)

jenkins jenkins 2.44

jenkins jenkins 2.32.2

References

https://jenkins.io/security/advisory/2017-02-01/

x_refsource_CONFIRM

https://github.com/jenkinsci/jenkins/commit/a814154695e23...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95957

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2018
Vulnerability Reserved
Dec 1, 2016

CVE-2017-2612 Data

.