How severe is CVE-2017-2612?

CVE-2017-2612 has a CVSS v3 score of 5.4 (MEDIUM).

CVE-2017-2612

Name: jenkins
Author: jenkins

5.4MEDIUM

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

Publicado: 5/15/2018Actualizado: 11/21/2024

Descripción

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

Análisis IAImpulsado por IA

Productos Afectados

jenkinsjenkins

Referencias

http://www.securityfocus.com/bid/95957
Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612
Issue Tracking
https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722
Patch
https://jenkins.io/security/advisory/2017-02-01/
Vendor Advisory
http://www.securityfocus.com/bid/95957
Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612
Issue Tracking
https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722
Patch
https://jenkins.io/security/advisory/2017-02-01/
Vendor Advisory