CVE-2017-1000110

Name of the Vulnerable Software and Affected Versions Blue Ocean (affected versions not specified)

Description The issue concerns the improper checking of user authentication and authorization in Blue Ocean when configuring existing GitHub organization folders. This allows users with read access to reconfigure the folder, potentially changing the GitHub API endpoint to an attacker-controlled server. This could result in the exposure of the GitHub access token if the organization folder was initially created using Blue Ocean.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.