What is the severity of CVE-2017-1000087?

CVE-2017-1000087 is classified as a medium severity vulnerability due to improper permission checks.

How do I fix CVE-2017-1000087?

To fix CVE-2017-1000087, upgrade to a version of Jenkins Github Branch Source that is greater than 2.0.7.

What types of credentials are affected by CVE-2017-1000087?

CVE-2017-1000087 affects all valid credential IDs that can be listed by any user with Overall/Read permission.

Who is affected by CVE-2017-1000087?

Any Jenkins user with Overall/Read permission can exploit CVE-2017-1000087 without needing elevated privileges.

What components does CVE-2017-1000087 impact in Jenkins?

CVE-2017-1000087 specifically impacts the GitHub Branch Source plugin in Jenkins.

Vulnerability/
CVE-2017-1000087

medium

4.3

CWE

200

4/10/2017

5/8/2024

CVE-2017-1000087: Infoleak

First published: Wed Oct 04 2017(Updated: )

GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Jenkins Github Branch Source	<=2.0.7
Jenkins Github Branch Source	=0.1-beta-1
Jenkins Github Branch Source	=0.1-beta-2
Jenkins Github Branch Source	=0.1-beta-3
Jenkins Github Branch Source	=0.1-beta-4
Jenkins Github Branch Source	=1.0
Jenkins Github Branch Source	=1.1
Jenkins Github Branch Source	=1.2
Jenkins Github Branch Source	=1.3
Jenkins Github Branch Source	=1.4
Jenkins Github Branch Source	=1.4-beta-1
Jenkins Github Branch Source	=1.5
Jenkins Github Branch Source	=1.6
Jenkins Github Branch Source	=1.7
Jenkins Github Branch Source	=1.8
Jenkins Github Branch Source	=1.8.1
Jenkins Github Branch Source	=1.9
Jenkins Github Branch Source	=1.10
Jenkins Github Branch Source	=2.0.0
Jenkins Github Branch Source	=2.0.0-beta-1
Jenkins Github Branch Source	=2.0.0-beta-2
Jenkins Github Branch Source	=2.0.1
Jenkins Github Branch Source	=2.0.1-beta-1
Jenkins Github Branch Source	=2.0.1-beta-2
Jenkins Github Branch Source	=2.0.1-beta-3
Jenkins Github Branch Source	=2.0.1-beta-4
Jenkins Github Branch Source	=2.0.1-beta-5
Jenkins Github Branch Source	=2.0.1-beta-6
Jenkins Github Branch Source	=2.0.2
Jenkins Github Branch Source	=2.0.3
Jenkins Github Branch Source	=2.0.4
Jenkins Github Branch Source	=2.0.4-beta-1
Jenkins Github Branch Source	=2.0.5
Jenkins Github Branch Source	=2.0.6
Jenkins Github Branch Source	=2.2.0
Jenkins Github Branch Source	=2.2.0-alpha-1
Jenkins Github Branch Source	=2.2.0-alpha-2
Jenkins Github Branch Source	=2.2.0-alpha-3
Jenkins Github Branch Source	=2.2.0-alpha-4
Jenkins Github Branch Source	=2.2.0-beta-1

Never miss a vulnerability like this again

Reference Links

https://jenkins.io/security/advisory/2017-07-10/

Frequently Asked Questions

What is the severity of CVE-2017-1000087?
CVE-2017-1000087 is classified as a medium severity vulnerability due to improper permission checks.
How do I fix CVE-2017-1000087?
To fix CVE-2017-1000087, upgrade to a version of Jenkins Github Branch Source that is greater than 2.0.7.
What types of credentials are affected by CVE-2017-1000087?
CVE-2017-1000087 affects all valid credential IDs that can be listed by any user with Overall/Read permission.
Who is affected by CVE-2017-1000087?
Any Jenkins user with Overall/Read permission can exploit CVE-2017-1000087 without needing elevated privileges.
What components does CVE-2017-1000087 impact in Jenkins?
CVE-2017-1000087 specifically impacts the GitHub Branch Source plugin in Jenkins.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/description
agent/first-publish-date
agent/tags
agent/event
agent/source
vendor/jenkins
canonical/jenkins github branch source
version/jenkins github branch source/2.0.7
version/jenkins github branch source/0.1-beta-1
version/jenkins github branch source/0.1-beta-2
version/jenkins github branch source/0.1-beta-3
version/jenkins github branch source/0.1-beta-4
version/jenkins github branch source/1.0
version/jenkins github branch source/1.1
version/jenkins github branch source/1.2
version/jenkins github branch source/1.3
version/jenkins github branch source/1.4
version/jenkins github branch source/1.4-beta-1
version/jenkins github branch source/1.5
version/jenkins github branch source/1.6
version/jenkins github branch source/1.7
version/jenkins github branch source/1.8
version/jenkins github branch source/1.8.1
version/jenkins github branch source/1.9
version/jenkins github branch source/1.10
version/jenkins github branch source/2.0.0
version/jenkins github branch source/2.0.0-beta-1
version/jenkins github branch source/2.0.0-beta-2
version/jenkins github branch source/2.0.1
version/jenkins github branch source/2.0.1-beta-1
version/jenkins github branch source/2.0.1-beta-2
version/jenkins github branch source/2.0.1-beta-3
version/jenkins github branch source/2.0.1-beta-4
version/jenkins github branch source/2.0.1-beta-5
version/jenkins github branch source/2.0.1-beta-6
version/jenkins github branch source/2.0.2
version/jenkins github branch source/2.0.3
version/jenkins github branch source/2.0.4
version/jenkins github branch source/2.0.4-beta-1
version/jenkins github branch source/2.0.5
version/jenkins github branch source/2.0.6
version/jenkins github branch source/2.2.0
version/jenkins github branch source/2.2.0-alpha-1
version/jenkins github branch source/2.2.0-alpha-2
version/jenkins github branch source/2.2.0-alpha-3
version/jenkins github branch source/2.2.0-alpha-4
version/jenkins github branch source/2.2.0-beta-1

CVE-2017-1000087: Infoleak

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1000087?

How do I fix CVE-2017-1000087?

What types of credentials are affected by CVE-2017-1000087?

Who is affected by CVE-2017-1000087?

What components does CVE-2017-1000087 impact in Jenkins?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2017-1000087?

How do I fix CVE-2017-1000087?

What types of credentials are affected by CVE-2017-1000087?

Who is affected by CVE-2017-1000087?

What components does CVE-2017-1000087 impact in Jenkins?