CVE-2017-1000105: The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to…

medium5.3CVSS 3.0

AVNACLPRNUINSUCLINAN

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.

Affected

14 ranges

Vendor	Product	Version range	Fixed in
jenkins	blue_ocean	<= 1.1.5	—
jenkins	blue_ocean	—	—
jenkins	blue_ocean_plugin	—	—
jenkins	config_file_provider_plugin	—	—
jenkins	credentials_plugin	—	—
jenkins	datadog_plugin	—	—
jenkins	deploy_to_container_plugin	—	—
jenkins	dry_plugin	—	—
jenkins	groovy_plugin	—	—
jenkins	input_step_plugin	—	—
jenkins	owasp_dependency-check_plugin	—	—
jenkins	script_security_plugin	—	—
jenkins	static_analysis_utilities_plugin	—	—
jenkins	warnings_plugin	—	—