PT-2018-5266 · Jenkins · Jenkins
Jesse Glick
Published 2018-01-24 · Updated 2022-05-14
CVE-2017-1000502
CVSS v2.0: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Jenkins Amazon EC2 Plugin versions 1.37 and earlier. The affected component is the EC2 plugin, not Jenkins core; the version number refers to the plugin release.
Description
In affected versions of the Amazon EC2 Plugin, a user with permission to configure EC2 agents (but not necessarily an administrator) could configure an agent so that launching it runs arbitrary shell commands on the Jenkins master. The commands run every time the agent is launched, so the effect is repeatable and survives restarts of the agent. In fixed versions, configuring EC2 agents in this way requires a permission that is typically granted only to administrators.
Recommendations
Update the Amazon EC2 Plugin to a release newer than 1.37. Until the plugin is updated, restrict the ability to configure EC2 clouds and agents to users who also hold the Overall/Run Scripts permission (typically only administrators), since anyone who can configure an EC2 agent in an affected version effectively has shell access to the master. After updating, review who holds Overall/Run Scripts, because that permission now gates this configuration.
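Added here as an audit check, not part of the original advisory or of the plugin's own code: a Python script that reads the JSON returned by Jenkins' plugin-manager API (`/pluginManager/api/json?depth=1`, fetched with an account allowed to view the plugin manager) and reports whether the installed Amazon EC2 Plugin (plugin id `ec2`) is at or below the 1.37 threshold stated above. The sample response embedded in the script is constructed, not captured from a real instance.

```python
import json
import re

# Highest affected release of the Amazon EC2 Plugin, from the advisory above.
AFFECTED_MAX = "1.37"
# Plugin id (shortName) of the Amazon EC2 Plugin as reported by Jenkins' plugin manager.
EC2_PLUGIN_ID = "ec2"


def parse_version(version):
    """Turn '1.37', '1.39.1' or '1.38-rc1' into a tuple of ints for ordering.

    Numeric components are compared left to right; a non-numeric suffix
    such as '-rc1' is ignored, so '1.38-rc1' sorts the same as '1.38'.
    """
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if m is None:
            break
        parts.append(int(m.group(0)))
    return tuple(parts)


def is_affected(version):
    """True when the plugin version is 1.37 or earlier (an empty version is treated as affected)."""
    return parse_version(version) <= parse_version(AFFECTED_MAX)


def check_ec2_plugin(plugin_manager_json):
    """Inspect the body of /pluginManager/api/json?depth=1 and report the EC2 plugin's state."""
    data = json.loads(plugin_manager_json)
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") == EC2_PLUGIN_ID:
            version = plugin.get("version", "")
            return {
                "installed": True,
                "version": version,
                "active": bool(plugin.get("active", True)),
                "affected": is_affected(version),
            }
    return {"installed": False, "version": None, "active": False, "affected": False}


# Constructed sample shaped like the plugin manager API response; not real data.
SAMPLE_RESPONSE = json.dumps({
    "plugins": [
        {"shortName": "git", "longName": "Jenkins Git plugin", "version": "3.7.0", "active": True},
        {"shortName": "ec2", "longName": "Amazon EC2 plugin", "version": "1.37", "active": True},
    ]
})


if __name__ == "__main__":
    # Real use: curl -u USER:API_TOKEN "https://JENKINS/pluginManager/api/json?depth=1" | python3 check_ec2.py
    import sys
    body = SAMPLE_RESPONSE if sys.stdin.isatty() else sys.stdin.read()
    result = check_ec2_plugin(body)
    if not result["installed"]:
        print("Amazon EC2 Plugin not installed: not affected by CVE-2017-1000502")
    elif result["affected"]:
        print(f"Amazon EC2 Plugin {result['version']} is 1.37 or earlier: affected; "
              "update the plugin and restrict EC2 agent configuration to administrators")
    else:
        print(f"Amazon EC2 Plugin {result['version']} is newer than 1.37: not affected")
```

The script only tells you whether the affected plugin version is installed; it does not tell you who currently holds the agent-configuration permission, which is the other half of the recommendation above and has to be reviewed in the authorization strategy (matrix or role-based) of the instance.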
Fix
Configuring EC2 agents now requires a permission typically granted only to administrators (the Run Scripts permission referred to in the recommendations above).
Weakness Enumeration
OS Command Injection
Related identifiers
CVE-2017-1000502
Affected products
Jenkins (Amazon EC2 Plugin)