CVE-2017-2598

MEDIUM

Jenkins < 2.44 and < 2.32.2 - Inadequate Encryption Strength for Secrets

Title source: llm
STIX 2.1

Description

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

References (4)

Core 4
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2017-02-01/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95948

Scores

CVSS v3 4.3
EPSS 0.0110
EPSS Percentile 61.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-325 CWE-326
Status published
Products (3)
jenkins/jenkins < 2.32.2
jenkins/jenkins < 2.44
org.jenkins-ci.main/jenkins-core 0 - 2.32.2Maven
Published May 23, 2018
Tracked Since Feb 18, 2026