CVE-2017-2604 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <2.32.2 || >=2.34 <2.44

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0005 (percentile: 0.15219)

Details

Improper Authentication in Jenkins

In Jenkins before versions 2.44 and 2.32.2, low-privilege users were able to act on administrative monitors because the monitors were not consistently protected by permission checks (SECURITY-371).

Metadata

Created: 2022-05-13T01:36:54Z
Modified: 2022-07-01T17:48:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m93h-5qmx-pphg/GHSA-m93h-5qmx-pphg.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-m93h-5qmx-pphg
Finding: F039
Auto approve: 1