CVE-2017-2598 in Jenkinsinfo

Summary

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsible

Red Hat, Inc.

Reservation

12/01/2016

Disclosure

05/23/2018

Moderation

VulDB entry created

Entries

1: VDB-118114

CPE

ready

CWE

CWE-326 (Confirmed)

CVSS

5.3

EPSS

0.00059

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-2598
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2598
CVE Details	https://www.cvedetails.com/cve/CVE-2017-2598/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!