Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/95956 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611 | Issue Tracking Third Party Advisory |
https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86 | Third Party Advisory |
https://jenkins.io/security/advisory/2017-02-01/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-05-08T18:00:00
Updated: 2018-05-09T09:57:01
Reserved: 2016-12-01T00:00:00
Link: CVE-2017-2611
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-05-08T18:29:00.310
Modified: 2020-09-09T14:56:06.503
Link: CVE-2017-2611
JSON object: View
Redhat Information
No data.