CVE-2017-2599

Description

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

Unknown / jenkinsjenkins 2.44 – jenkins 2.44
Unknown / jenkinsjenkins 2.32.2 – jenkins 2.32.2

References

MISChttp://www.securityfocus.com/bid/95949
MISChttps://jenkins.io/security/advisory/2017-02-01/
MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599
PATCHhttps://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338f366853ce89