CVE-2017-2600
MEDIUM
Jenkins < 2.44 and < 2.32.2 - Unauthenticated Information Disclosure via Node Monitor Remote API
Title source: llm
Description
In Jenkins before versions 2.44 and 2.32.2, node monitor data could be viewed by low-privilege users via the remote API. This data included system configuration and runtime information of these nodes (SECURITY-343).
References (4)
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2017-02-01/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95954
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600
Patch x_refsource_confirm
https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899
Scores
CVSS v3
4.3
EPSS
0.0003
EPSS Percentile
10.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-325
CWE-200
Status
published
Products (3)
jenkins/jenkins
< 2.32.2
jenkins/jenkins
< 2.44
org.jenkins-ci.main/jenkins-core
0 - 2.32.2 (Maven)
Published
May 15, 2018
Tracked Since
Feb 18, 2026