CVE-2017-2598

Опубликовано: 23 мая 2018

Источник: debian

EPSS Низкий

Описание

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jenkins	removed			package

Примечания

https://jenkins.io/security/advisory/2017-02-01/

EPSS

Процентиль: 19%

0.00059

Низкий

Связанные уязвимости

CVE-2017-2598

CVSS3: 4.3

ubuntu

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

CVE-2017-2598

CVSS3: 4.3

redhat

около 9 лет назад

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

CVE-2017-2598

CVSS3: 4.3

nvd

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

GHSA-r9q2-3r6x-qmgp

CVSS3: 4.3

github

больше 3 лет назад

Inadequate Encryption Strength in Jenkins

EPSS

Процентиль: 19%

0.00059

Низкий