Description

In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).

Remediation

References

CVE-2017-2600

Related Vulnerabilities

WordPress Plugin WP Socializer-Simple & Easy Social Media Share Icons Cross-Site Scripting (2.4.2)

WordPress Plugin Limit Attempts by BestWebSoft Multiple Vulnerabilities (1.0.3)

phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4729)

ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9127)

MySQL CVE-2016-0651 Vulnerability (CVE-2016-0651)

Severity

Medium

Classification

CVE-2017-2600 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities