CVE-2017-1000242

Severity
3.3 LOW
EPSS
0.0%
top 99.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 1
Latest update: May 17

Description

Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions, resulting in information disclosure.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages: 2 packages

🔴 Vulnerability Details (3)
GHSA
Insecure temporary file usage in Jenkins Git Client Plugin (2022-05-17)
OSV
Insecure temporary file usage in Jenkins Git Client Plugin (2022-05-17)
CVEList
CVE-2017-1000242: Jenkins Git Client Plugin 2 (2017-11-01)

📋 Vendor Advisories (2)
Red Hat
jenkins-plugin-git-client: Storing sensitive information in world-readable temporary files (SECURITY-445) (2017-04-27)
Jenkins
Jenkins Security Advisory 2017-04-27 (2017-04-27)

💬 Community (1)
Bugzilla
CVE-2017-1000242 jenkins-plugin-git-client: Storing sensitive information in world-readable temporary files (SECURITY-445) (2017-04-28)