Cross-Site Request Forgery Vulnerability in Jenkins by CloudBees
CVE-2017-2613

5.4MEDIUM

Key Information:

Vendor

[unknown]

Status
Jenkins
Vendor
CVE Published:
15 May 2018

What is CVE-2017-2613?

An issue affecting Jenkins prior to versions 2.44 and 2.32.2 allows administrators' web browsers to be exploited through a Cross-Site Request Forgery (CSRF) attack. Using a crafted GET request, unauthorized user records can be created. Although these records typically reside only until a server restart, the potential to generate numerous accounts poses a security risk that administrators must be aware of.

Affected Version(s)

jenkins jenkins 2.44

jenkins jenkins 2.32.2

References

https://jenkins.io/security/advisory/2017-02-01/
x_refsource_CONFIRM
https://github.com/jenkinsci/jenkins/commit/b88b20ec47320...
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.