PT-2018-7131 · Cloudbees+1 · Jenkins

Daniel Beck

·

Publicado

2018-05-15

·

Atualizado

2022-05-13

·

CVE-2017-2604

CVSS v3.1

4.3

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.44 Jenkins versions prior to 2.32.2
Description: The issue allows low privilege users to act on administrative monitors due to inconsistent protection by permission checks.
Recommendations: For versions prior to 2.44, update to version 2.44 or later. For versions prior to 2.32.2, update to version 2.32.2 or later.

Correção

Improperly Implemented Security Check for Standard

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-358CWE-287

Identificadores relacionados

CVE-2017-2604
GHSA-M93H-5QMX-PPHG

Produtos afetados

Jenkins