CVE-2017-2600 - OpenCVE

In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Jenkins	Jenkins

Configuration 1 [-]

cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/95954	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600	Issue Tracking Patch
https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899	Patch
https://jenkins.io/security/advisory/2017-02-01/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-05-15T20:00:00

Updated: 2018-05-16T09:57:01

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2600

JSON object: View

NVD Information

Status : Modified

Published: 2018-05-15T20:29:00.213

Modified: 2019-10-09T23:26:54.553

Link: CVE-2017-2600

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "jenkins", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "jenkins 2.44"}, {"status": "affected", "version": "jenkins 2.32.2"}]}], "datePublic": "2017-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343)."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-325", "description": "CWE-325", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-16T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2017-02-01/"}, {"name": "95954", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95954"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-2600", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "jenkins", "version": {"version_data": [{"version_value": "jenkins 2.44"}, {"version_value": "jenkins 2.32.2"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343)."}]}, "impact": {"cvss": [[{"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-325"}]}]}, "references": {"reference_data": [{"name": "https://jenkins.io/security/advisory/2017-02-01/", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2017-02-01/"}, {"name": "95954", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95954"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600"}, {"name": "https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899", "refsource": "CONFIRM", "url": "https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2600", "datePublished": "2018-05-15T20:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2018-05-16T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4595374-F7F2-43D5-BB78-37E8377B1E45", "versionEndExcluding": "2.44", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "matchCriteriaId": "F1F48E96-6C2B-4773-98A4-BFF626A0811F", "versionEndExcluding": "2.32.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343)."}, {"lang": "es", "value": "En Jenkins en versiones anteriores a la 2.44 y 2.32.2, los usuarios con privilegios bajos podr\u00edan visualizar los datos del monitor de nodos mediante la API remota. Estos datos incluyen la configuraci\u00f3n del sistema y la informaci\u00f3n de arranque de estos nodos (SECURITY-343)."}], "id": "CVE-2017-2600", "lastModified": "2019-10-09T23:26:54.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-05-15T20:29:00.213", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95954"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2017-02-01/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-325"}], "source": "secalert@redhat.com", "type": "Secondary"}]}