CVE-2017-1000105

CVSS v3.0 5.3 (Medium)

CVSS v2.0 5 (Medium)

EPSS 0.08 % (35^th)

Affected Products 1

Advisories 1

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.

Weaknesses

CWE-862: Missing Authorization

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2017-10-05 01:29:04
(7 years ago)
Updated Date: 2020-08-24 17:37:01
(4 years ago)

Affected Products

Jenkins

Blue Ocean

Configuration #1

	CPE23	Up To
Jenkins Blue Ocean for Jenkins 1.1.5 and prior versions	cpe:2.3:a:jenkins:blue_ocean::::::jenkins	<= 1.1.5
Jenkins Blue Ocean 1.2.0 Beta-1 for Jenkins	cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta-1:::*:jenkins
Jenkins Blue Ocean 1.2.0 Beta-2 for Jenkins	cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta-2:::*:jenkins
Jenkins Blue Ocean 1.2.0 Beta-3 for Jenkins	cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta-3:::*:jenkins