CVE-2017-2600 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <2.32.2 || >=2.34 <2.44
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00019 (percentile 0.03274)
Details
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

In Jenkins before versions 2.44 and 2.32.2, node monitor data could be viewed by low-privilege users via the remote API. This data included system configuration and runtime information of these nodes (SECURITY-343).
Metadata
Created: 2022-05-13T01:36:55Z
Modified: 2022-07-01T18:01:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wj5c-j656-h5fw/GHSA-wj5c-j656-h5fw.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-wj5c-j656-h5fw
Finding: F038
Auto approve: 1