CVE-2017-2598

Опубликовано: 01 фев. 2017

Источник: redhat

CVSS3: 4.3

Описание

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Enterprise 2	jenkins	Under investigation
Red Hat OpenShift Enterprise 3	jenkins	Under investigation

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-325

https://bugzilla.redhat.com/show_bug.cgi?id=1418696jenkins: Use of AES ECB block cipher mode without IV for encrypting secrets (SECURITY-304)

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2017-2598

CVSS3: 4.3

ubuntu

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

CVE-2017-2598

CVSS3: 4.3

nvd

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

CVE-2017-2598

CVSS3: 4.3

debian

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode wi ...

GHSA-r9q2-3r6x-qmgp

CVSS3: 4.3

github

больше 3 лет назад

Inadequate Encryption Strength in Jenkins

4.3 Medium

CVSS3