CVE-2017-2611
Incorrect Authorization in Jenkins Core
Severity: 4.3 MEDIUM (CVSS 3.1)
EPSS: 0.29%
Description
Jenkins versions before 2.44 are vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing any user with read access to Jenkins to trigger these background processes (which are otherwise run once daily), possibly causing additional load on the Jenkins master and agents.
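As an added example (not part of this advisory or of Jenkins itself), the following script shows two checks a defender would want for SECURITY-389: deciding whether a Jenkins core version falls in the affected range given above, and scanning access-log lines for requests to the two unprotected cleanup URLs. It assumes NCSA-style access-log lines; the sample lines are constructed, not taken from a real instance.

```python
import re
from urllib.parse import urlsplit

# Endpoints named in SECURITY-389 that lacked a permission check before 2.44.
CLEANUP_ENDPOINTS = {"/workspaceCleanup", "/fingerprintCleanup"}
FIXED_VERSION = (2, 44)  # affected range on this page: from 0, < 2.44


def parse_version(version: str) -> tuple:
    """Turn a Jenkins version string such as '2.32.1' into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str) -> bool:
    """True for any Jenkins core release below 2.44."""
    return parse_version(version) < FIXED_VERSION


# Assumed NCSA-style access log line: client, ident, user, time, request, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def cleanup_trigger_events(lines, context_path=""):
    """Return (user, client, path) for every request that hit a cleanup endpoint.

    Query strings and a trailing slash are stripped, and an optional servlet
    context path (e.g. '/jenkins') is removed before matching."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = urlsplit(m.group("path")).path
        if context_path and path.startswith(context_path):
            path = path[len(context_path):]
        if path.rstrip("/") in CLEANUP_ENDPOINTS:
            hits.append((m.group("user"), m.group("client"), path.rstrip("/")))
    return hits


# Constructed sample lines for demonstration only.
SAMPLE_LOG = [
    '10.0.0.5 - alice [12/Jan/2017:10:00:01 +0000] "GET /job/build/ HTTP/1.1" 200 512',
    '10.0.0.9 - bob [12/Jan/2017:10:00:07 +0000] "GET /workspaceCleanup HTTP/1.1" 200 0',
    '10.0.0.9 - bob [12/Jan/2017:10:00:08 +0000] "GET /fingerprintCleanup?x=1 HTTP/1.1" 200 0',
    '10.0.0.9 - bob [12/Jan/2017:10:00:09 +0000] "GET /workspaceCleanupX HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for user, client, path in cleanup_trigger_events(SAMPLE_LOG):
        print(f"cleanup endpoint {path} triggered by {user} from {client}")
```

Repeated hits from the same low-privileged account on an unpatched instance are the signal to look for; the fix remains upgrading to 2.44 or later.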
How to fix CVE-2017-2611
To remediate CVE-2017-2611, upgrade the affected package to a fixed version:
- Upgrade Jenkins core to 2.44 or later
Is CVE-2017-2611 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Jenkins core: from 0, < 2.44
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (4.3) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |