CVE-2017-2604 Information
Feb 14, 2021
cve
Description
In Jenkins before versions 2.44 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Reference
http://www.securityfocus.com/bid/95959 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604 https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8 https://jenkins.io/security/advisory/2017-02-01/
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
LOW
Base Score
NONE
Base Severity
4.3
Share on: