CVE-2017-2611: Improperly Implemented Security Check for Standard in Jenkins

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 47.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 8
Latest update: May 13

Description

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (which are otherwise run daily), possibly causing additional load on the Jenkins master and agents.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: jenkins/jenkins < 2.32.2 (+1)
NVD: redhat/openshift 2.0, 3.0 (+1)

Vulnerability Details (3)

OSV: Incorrect Authorization in Jenkins Core (2022-05-13)
GHSA: Incorrect Authorization in Jenkins Core (2022-05-13)
CVEList: CVE-2017-2611: Jenkins before versions 2 (2018-05-08)

Vendor Advisories (2)

Red Hat: jenkins: Insufficient permission check for periodic processes (SECURITY-389) (2017-02-01)
Jenkins: Jenkins Security Advisory 2017-02-01 (2017-02-01)

Community (2)

Bugzilla: CVE-2017-2611 jenkins: Insufficient permission check for periodic processes (SECURITY-389) (2017-02-02)
Bugzilla: CVE-2017-1000362 CVE-2017-2598 CVE-2017-2599 CVE-2017-2600 CVE-2017-2601 CVE-2017-2602 CVE-2017-2604 CVE-2017-2606 CVE-2017-2607 CVE-2017-2608 CVE-2017-2609 CVE-2017-2610 CVE-2017-2611 CVE-2017-2612 C (2017-02-02)
CVE-2017-2611 — Jenkins vulnerability | cvebase