PT-2018-7129 · Cloudbees+1 · Jenkins

Jesse Glick · Published 2018-05-15 · Updated 2022-05-13 · CVE-2017-2602

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.44; Jenkins versions prior to 2.32.2
Description: The agent-to-master security subsystem improperly blacklisted the Pipeline metadata files. This could allow malicious agents to write to those metadata files.
Recommendations: For versions prior to 2.44, update to version 2.44 or later. For versions prior to 2.32.2, update to version 2.32.2 or later.

Fix

Incomplete List of Disallowed Inputs


Weakness Enumeration

Related Identifiers

CVE-2017-2602
GHSA-FFGG-VPHH-V273

Affected Products

Jenkins