CVE-2017-2612

Опубликовано: 15 мая 2018

Источник: debian

EPSS Низкий

Описание

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jenkins	removed			package

Примечания

https://jenkins.io/security/advisory/2017-02-01/

EPSS

Процентиль: 31%

0.00119

Низкий

Связанные уязвимости

CVE-2017-2612

CVSS3: 5.4

ubuntu

больше 7 лет назад

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

CVE-2017-2612

CVSS3: 5.4

redhat

около 9 лет назад

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

CVE-2017-2612

CVSS3: 5.4

nvd

больше 7 лет назад

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

GHSA-wf9g-rh76-6jvr

CVSS3: 5.4

github

больше 3 лет назад

Incorrect Permission Assignment for Critical Resource in Jenkins

EPSS

Процентиль: 31%

0.00119

Низкий