Description

In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).

Remediation

References

CVE-2017-2600

Related Vulnerabilities

Oracle JRE CVE-2018-2618 Vulnerability (CVE-2018-2618)

XWiki Improper Preservation of Permissions Vulnerability (CVE-2021-21379)

WordPress Plugin Social Connect Cross-Site Scripting (1.0.4)

PrestaShop Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2018-7491)

WordPress Plugin WooCommerce EnvioPack Cross-Site Scripting (1.2)

Severity

Medium

Classification

CVE-2017-2600 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities