CVE-2017-2602 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.1 LOW	NETWORK	HIGH	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
redhat	CNA	3.1 LOW	NETWORK	HIGH	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Vendor	Product	Version
jenkins	jenkins	𝑥 < 2.32.2
jenkins	jenkins	𝑥 < 2.44

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

jenkins

zesty	dne
yakkety	dne
xenial	dne
trusty	dne
precise	ignored

Common Weakness Enumeration

CWE-184 - Incomplete List of Disallowed Inputs
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.

References

http://www.securityfocus.com/bid/95952

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2602

https://github.com/jenkinsci/jenkins/commit/414ff7e30aba66bed18c4ee8a8660fb36fc8c655

https://jenkins.io/security/advisory/2017-02-01/

http://www.securityfocus.com/bid/95952

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2602

https://github.com/jenkinsci/jenkins/commit/414ff7e30aba66bed18c4ee8a8660fb36fc8c655

https://jenkins.io/security/advisory/2017-02-01/