1. Home
  2. Vulnerabilities
  3. CVE-2017-2599

CVE-2017-2599

CVSS v3.1 5.4 (Medium)
54% Progress
CVSS v2.0 5.5 (Medium)
55% Progress
EPSS 0.13 % (49th)
0.13% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).

Weaknesses
CWE-863
Incorrect Authorization
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2018-04-11 16:29:00
(6 years ago)
Updated Date
2022-11-30 21:19:48
(21 months ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins prior 2.32.2 version cpe:2.3:a:jenkins:jenkins::*:*:*:lts < 2.32.2
  Jenkins prior 2.44 version cpe:2.3:a:jenkins:jenkins < 2.44