CVE-2017-2599 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <2.32.2 || >=2.34 <2.44

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00062 (percentile: 0.1968)

Details

Incorrect Authorization in Jenkins

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).

Metadata

Created: 2022-05-13T01:12:25Z
Modified: 2022-07-01T18:28:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7r4h-2h23-6jq9/GHSA-7r4h-2h23-6jq9.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-7r4h-2h23-6jq9
Finding: F006
Auto approve: 1