GHSA-x55p-6526-xmmp

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 3.5

Описание

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

Jenkins before versions 2.44 and 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).

Ссылки

Пакеты

Наименование

org.jenkins-ci.main:jenkins-core

maven

Затронутые версииВерсия исправления

<= 2.32.1

2.32.2

Наименование

org.jenkins-ci.main:jenkins-core

maven

Затронутые версииВерсия исправления

>= 2.34, <= 2.43

2.44

EPSS

Процентиль: 6%

0.00023

Низкий

3.5 Low

CVSS3

CVE ID

CVE-2017-2603

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-2603

CVSS3: 2.6

ubuntu

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).

CVE-2017-2603

CVSS3: 2.6

redhat

около 9 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).

CVE-2017-2603

CVSS3: 2.6

nvd

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).

CVE-2017-2603

CVSS3: 2.6

debian

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak ...

EPSS

Процентиль: 6%

0.00023

Низкий

3.5 Low

CVSS3

CVE ID

CVE-2017-2603

Дефекты

CWE-200