Description

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

Remediation

References

CVE-2017-2612

Related Vulnerabilities

WordPress Plugin Eu Cookie Notice Cross-Site Request Forgery (1.0.6)

WordPress 3.6 Multiple Vulnerabilities (2.0 - 3.6)

WordPress Plugin Events Manager Multiple Vulnerabilities (5.9.7.3)

MySQL CVE-2017-3653 Vulnerability (CVE-2017-3653)

Oracle HTTP Server CVE-2022-21375 Vulnerability (CVE-2022-21375)

Severity

Medium

Classification

CVE-2017-2612 CWE-732 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Tags

Missing Update Known Vulnerabilities