CVE-2017-2612

MEDIUM

Jenkins <2.44, 2.32.2 - Privilege Escalation

Title source: llm

Description

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

References (4)

[Vendor Advisory] https://jenkins.io/security/advisory/2017-02-01/

[Patch] https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95957

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612

Scores

CVSS v3 5.4

EPSS 0.0012

EPSS Percentile 30.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Details

CWE

CWE-358 CWE-732

Status published

Products (2)

jenkins/jenkins < 2.44

org.jenkins-ci.main/jenkins-core 0 - 2.32.2Maven

Published May 15, 2018

Tracked Since Feb 18, 2026