Description

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).

Remediation

References

CVE-2017-2604

Related Vulnerabilities

WordPress Plugin WP Bannerize SQL Injection (4.0.2)

Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.4.4)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.26)

Next.js User Interface (UI) Misrepresentation of Critical Information Vulnerability (CVE-2022-23646)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4589)

Severity

Medium

Classification

CVE-2017-2604 CWE-287 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities