PT-2017-10935 · Jenkins · Jenkins Git Client Plugin+1

Steven Christou

·

Published

2017-11-01

·

Updated

2022-05-17

·

CVE-2017-1000242

CVSS v3.1

3.3

Low

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Jenkins Git Client Plugin version 2.4.2 and earlier
Description The issue results in information disclosure due to the creation of a temporary file with insecure permissions.
Recommendations For Jenkins Git Client Plugin version 2.4.2 and earlier, update to a version later than 2.4.2 to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-1000242
GHSA-FCXW-HHXQ-48WX

Affected Products

Jenkins
Jenkins Git Client Plugin