CVE-2017-1000502

Опубликовано: 24 янв. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators.

Ссылки

https://jenkins.io/security/advisory/2017-12-06/
Vendor Advisory
https://jenkins.io/security/advisory/2017-12-06/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:ec2:*:*:*:*:*:jenkins:*:*

Версия до 1.37 (включая)

EPSS

Процентиль: 71%

0.00674

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

CVE-2017-1000502

CVSS3: 9.9

redhat

около 8 лет назад

CVE-2017-1000502

CVSS3: 8.8

debian

около 8 лет назад

Users with permission to create or configure agents in Jenkins 1.37 an ...

GHSA-wp79-cpv2-9g7m

CVSS3: 8.8

github

больше 3 лет назад

Arbitrary shell command execution in Jenkins EC2 Plugin

EPSS

Процентиль: 71%

0.00674

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78