Description

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).

Remediation

References

https://jenkins.io/security/advisory/2017-02-01/

https://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338f366853ce89

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599

http://www.securityfocus.com/bid/95949

Related Vulnerabilities

CVE-2022-4492 Vulnerability in maven package io.undertow:undertow-core

CVE-2019-10284 Vulnerability in maven package org.jenkins-ci.plugins:diawi-upload

CVE-2013-7315 Vulnerability in maven package org.springframework:spring-web

CVE-2018-5382 Vulnerability in maven package org.bouncycastle:bcprov-jdk15

CVE-2021-22134 Vulnerability in maven package org.elasticsearch:elasticsearch

Severity

Medium

Classification

CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Vendor Advisory Patch Third Party Advisory Issue Tracking VDB Entry