Description

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

Remediation

References

CVE-2017-2612

Related Vulnerabilities

WordPress Plugin WP Email Template PHP Object Injection (2.4.0)

WordPress Plugin Photospace Responsive Gallery Unspecified Vulnerability (1.1.7)

Drupal Core 7.x Security Bypass (7.0 - 7.90)

PostgreSQL Improper Access Control Vulnerability (CVE-2019-10127)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5266)

Severity

Medium

Classification

CVE-2017-2612 CWE-732 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Tags

Missing Update Known Vulnerabilities