CVE-2017-2611
First published: Tue May 08 2018(Updated: )
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Jenkins | <2.32.2 | |
| Jenkins Jenkins | <2.44 | |
| Redhat Openshift | =2.0 | |
| Redhat Openshift | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/weakness
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins jenkins
- vendor/redhat
- canonical/redhat openshift
- version/redhat openshift/2.0
- version/redhat openshift/3.0