CVE-2017-1000108

HIGH

Pipeline: Input Step Plugin - Info Disclosure

Title source: llm
STIX 2.1

Description

The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2017-08-07/

Scores

CVSS v3 7.5
EPSS 0.0008
EPSS Percentile 24.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-200
Status published
Products (9)
jenkins/pipeline-input-step 2.0
jenkins/pipeline-input-step 2.1
jenkins/pipeline-input-step 2.2
jenkins/pipeline-input-step 2.3
jenkins/pipeline-input-step 2.4
jenkins/pipeline-input-step 2.5
jenkins/pipeline-input-step 2.6
jenkins/pipeline-input-step 2.7
org.jenkins-ci.plugins/pipeline-input-step 0 - 2.7Maven
Published Oct 05, 2017
Tracked Since Feb 18, 2026