CVE-2017-2600
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
4.3
MEDIUM
CVSS 3.1
EPSS 0.03%
Description
In Jenkins before versions 2.44 and 2.32.2, node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).
How to fix CVE-2017-2600
To remediate CVE-2017-2600, upgrade the affected package to a fixed version listed below.
- Upgrade to 2.32.2 or later
Is CVE-2017-2600 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.32.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |