CVE-2017-2602 in Jenkinsinfo

Summary

jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsible

Red Hat, Inc.

Reservation

12/01/2016

Disclosure

05/15/2018

Moderation

VulDB entry created

Entries

1: VDB-117770

CPE

ready

CWE

CWE-254 (Confirmed)

CVSS

4.9

EPSS

0.00165

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-2602
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2602
CVE Details	https://www.cvedetails.com/cve/CVE-2017-2602/

◂ Previous Overview Next ▸