CVE-2017-1000105

CWE-862 — Missing Authorization5 documents5 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 88.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Blue Ocean

Timeline

PublishedOct 5

Latest updateMay 13

Description

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDjenkins/blue_ocean1.1.5+1

▶Mavenio.jenkins.blueocean:blueocean1.2.4

🔴Vulnerability Details

OSV

Missing Authorization in Jenkins Blue Ocean Plugin↗2022-05-13

▶

GHSA

Missing Authorization in Jenkins Blue Ocean Plugin↗2022-05-13

▶

CVEList

CVE-2017-1000105: The optional Run/Artifacts permission can be enabled by setting a Java system property↗2017-10-04

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2017-08-07↗2017-08-07

▶