PT-2017-10811 · Jenkins · Blue Ocean

Cliff Meyers

·

Published

2017-10-04

·

Updated

2022-05-13

·

CVE-2017-1000106

CVSS v3.1

8.5

High

Vector AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Blue Ocean (affected versions not specified)
Description: The issue concerns the SCM content REST API in Blue Ocean, which does not properly check user authentication or credentials. As a result, users with read access to a GitHub organization folder can create arbitrary commits in the corresponding repositories using the GitHub credentials of the folder's creator. Additionally, if a branch contains a Jenkinsfile, these users can read arbitrary file contents from the repositories by providing the organization folder name, repository name, branch name, and file name.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related identifiers

CVE-2017-1000106
GHSA-QGJQ-M78X-4GM8

Affected products

Blue Ocean
Jenkins