CVE-2017-2612

Опубликовано: 01 фев. 2017

Источник: redhat

CVSS3: 5.4

Описание

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Enterprise 2	jenkins	Under investigation
Red Hat OpenShift Enterprise 3	jenkins	Under investigation

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-358

https://bugzilla.redhat.com/show_bug.cgi?id=1418730jenkins: Low privilege users were able to override JDK download credentials (SECURITY-392)

5.4 Medium

CVSS3

Связанные уязвимости

CVE-2017-2612

CVSS3: 5.4

ubuntu

больше 7 лет назад

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

CVE-2017-2612

CVSS3: 5.4

nvd

больше 7 лет назад

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

CVE-2017-2612

CVSS3: 5.4

debian

больше 7 лет назад

In Jenkins before versions 2.44, 2.32.2 low privilege users were able ...

GHSA-wf9g-rh76-6jvr

CVSS3: 5.4

github

больше 3 лет назад

Incorrect Permission Assignment for Critical Resource in Jenkins

5.4 Medium

CVSS3