Vulnerability Description
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
CVSS Score
4.3
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | < 2.44 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95959Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604Issue Tracking
- https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67cPatch
- https://jenkins.io/security/advisory/2017-02-01/Vendor Advisory
- http://www.securityfocus.com/bid/95959Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604Issue Tracking
- https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67cPatch
- https://jenkins.io/security/advisory/2017-02-01/Vendor Advisory
FAQ
What is CVE-2017-2604?
CVE-2017-2604 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
How severe is CVE-2017-2604?
CVE-2017-2604 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2604?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins.