CVE-2017-2599
Incorrect Authorization in Jenkins
5.4
MEDIUM
CVSS 3.1
EPSS 0.16%
Description
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).
How to fix CVE-2017-2599
To remediate CVE-2017-2599, upgrade the affected package to a fixed version below.
- Maven/org.jenkins-ci.main:jenkins-core—upgrade to 2.32.2 or later
Is CVE-2017-2599 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.32.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |