Description
Jenkins versions before 2.44 and 2.32.2 are vulnerable to an insufficient permission check. This allows users with permission to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).
Remediation
References
https://jenkins.io/security/advisory/2017-02-01/
https://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338f366853ce89
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599
http://www.securityfocus.com/bid/95949