CVE-2017-2599
MEDIUM
Jenkins < 2.44 and < 2.32.2 - Incorrect Authorization via Item Overwrite
Title source: llm
Description
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).
References (4)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95949
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2017-02-01/
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599
Patch, Third Party Advisory x_refsource_confirm
https://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338f366853ce89
Scores
CVSS v3
5.4
EPSS
0.0016
EPSS Percentile
37.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-863
Status
published
Products (3)
jenkins/jenkins
< 2.32.2
jenkins/jenkins
< 2.44
org.jenkins-ci.main/jenkins-core
0 - 2.32.2 (Maven)
Published
Apr 11, 2018
Tracked Since
Feb 18, 2026