Description

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).

Remediation

References

CVE-2017-2599

Related Vulnerabilities

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7400)

WordPress Plugin Booking Calendar Local File Inclusion (7.0)

WebLogic CVE-2023-21841 Vulnerability (CVE-2023-21841)

WordPress Plugin Duplicator-WordPress Migration Arbitrary File Download (1.3.26)

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.93)

Severity

Medium

Classification

CVE-2017-2599 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities