CVE-2017-1000087

GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
jenkinsgithub_branch_source
𝑥
≤ 2.0.7
jenkinsgithub_branch_source
0.1:beta-1
jenkinsgithub_branch_source
0.1:beta-2
jenkinsgithub_branch_source
0.1:beta-3
jenkinsgithub_branch_source
0.1:beta-4
jenkinsgithub_branch_source
1.0
jenkinsgithub_branch_source
1.1
jenkinsgithub_branch_source
1.2
jenkinsgithub_branch_source
1.3
jenkinsgithub_branch_source
1.4
jenkinsgithub_branch_source
1.4:beta-1
jenkinsgithub_branch_source
1.5
jenkinsgithub_branch_source
1.6
jenkinsgithub_branch_source
1.7
jenkinsgithub_branch_source
1.8
jenkinsgithub_branch_source
1.8.1
jenkinsgithub_branch_source
1.9
jenkinsgithub_branch_source
1.10
jenkinsgithub_branch_source
2.0.0
jenkinsgithub_branch_source
2.0.0:beta-1
jenkinsgithub_branch_source
2.0.0:beta-2
jenkinsgithub_branch_source
2.0.1
jenkinsgithub_branch_source
2.0.1:beta-1
jenkinsgithub_branch_source
2.0.1:beta-2
jenkinsgithub_branch_source
2.0.1:beta-3
jenkinsgithub_branch_source
2.0.1:beta-4
jenkinsgithub_branch_source
2.0.1:beta-5
jenkinsgithub_branch_source
2.0.1:beta-6
jenkinsgithub_branch_source
2.0.2
jenkinsgithub_branch_source
2.0.3
jenkinsgithub_branch_source
2.0.4
jenkinsgithub_branch_source
2.0.4:beta-1
jenkinsgithub_branch_source
2.0.5
jenkinsgithub_branch_source
2.0.6
jenkinsgithub_branch_source
2.2.0
jenkinsgithub_branch_source
2.2.0:alpha-1
jenkinsgithub_branch_source
2.2.0:alpha-2
jenkinsgithub_branch_source
2.2.0:alpha-3
jenkinsgithub_branch_source
2.2.0:alpha-4
jenkinsgithub_branch_source
2.2.0:beta-1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jenkins.io/security/advisory/2017-07-10/
https://jenkins.io/security/advisory/2017-07-10/