Lucene search

[email protected]CVE-2017-1000084

HistoryOct 05, 2017 - 1:29 a.m.

CVE-2017-1000084

2017-10-0501:29:03

CWE-276

[email protected]

web.nvd.nist.gov

cve

2017

1000084

parameterized trigger plugin

security

vulnerability

nvd

jenkins

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

21.7%

JSON

Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.

Affected configurations

NVD

Node

jenkinsparameterized_triggerMatch1.0jenkins

jenkinsparameterized_triggerMatch1.1jenkins

jenkinsparameterized_triggerMatch1.2jenkins

jenkinsparameterized_triggerMatch1.3jenkins

jenkinsparameterized_triggerMatch1.4jenkins

jenkinsparameterized_triggerMatch1.5jenkins

jenkinsparameterized_triggerMatch1.6jenkins

jenkinsparameterized_triggerMatch2.0jenkins

jenkinsparameterized_triggerMatch2.1jenkins

jenkinsparameterized_triggerMatch2.2jenkins

jenkinsparameterized_triggerMatch2.3jenkins

jenkinsparameterized_triggerMatch2.4jenkins

jenkinsparameterized_triggerMatch2.5jenkins

jenkinsparameterized_triggerMatch2.6jenkins

jenkinsparameterized_triggerMatch2.7jenkins

jenkinsparameterized_triggerMatch2.8jenkins

jenkinsparameterized_triggerMatch2.9jenkins

jenkinsparameterized_triggerMatch2.10jenkins

jenkinsparameterized_triggerMatch2.11jenkins

jenkinsparameterized_triggerMatch2.12jenkins

jenkinsparameterized_triggerMatch2.13jenkins

jenkinsparameterized_triggerMatch2.14jenkins

jenkinsparameterized_triggerMatch2.15jenkins

jenkinsparameterized_triggerMatch2.16jenkins

jenkinsparameterized_triggerMatch2.17jenkins

jenkinsparameterized_triggerMatch2.18jenkins

jenkinsparameterized_triggerMatch2.19jenkins

jenkinsparameterized_triggerMatch2.20jenkins

jenkinsparameterized_triggerMatch2.21jenkins

jenkinsparameterized_triggerMatch2.22jenkins

jenkinsparameterized_triggerMatch2.23jenkins

jenkinsparameterized_triggerMatch2.24jenkins

jenkinsparameterized_triggerMatch2.25jenkins

jenkinsparameterized_triggerMatch2.26jenkins

jenkinsparameterized_triggerMatch2.27jenkins

jenkinsparameterized_triggerMatch2.28jenkins

jenkinsparameterized_triggerMatch2.29jenkins

jenkinsparameterized_triggerMatch2.30jenkins

jenkinsparameterized_triggerMatch2.31jenkins

jenkinsparameterized_triggerMatch2.32jenkins

jenkinsparameterized_triggerMatch2.33jenkins

jenkinsparameterized_triggerMatch2.34jenkins

CPENameOperatorVersion
jenkins:parameterized_triggerjenkins parameterized triggereq1.0
jenkins:parameterized_triggerjenkins parameterized triggereq1.1
jenkins:parameterized_triggerjenkins parameterized triggereq1.2
jenkins:parameterized_triggerjenkins parameterized triggereq1.3
jenkins:parameterized_triggerjenkins parameterized triggereq1.4
jenkins:parameterized_triggerjenkins parameterized triggereq1.5
jenkins:parameterized_triggerjenkins parameterized triggereq1.6
jenkins:parameterized_triggerjenkins parameterized triggereq2.0
jenkins:parameterized_triggerjenkins parameterized triggereq2.1
jenkins:parameterized_triggerjenkins parameterized triggereq2.2

CPE	Name	Operator	Version
jenkins:parameterized_trigger	jenkins parameterized trigger	eq	1.0
jenkins:parameterized_trigger	jenkins parameterized trigger	eq	1.1
jenkins:parameterized_trigger	jenkins parameterized trigger	eq	1.2
jenkins:parameterized_trigger	jenkins parameterized trigger	eq	1.3
jenkins:parameterized_trigger	jenkins parameterized trigger	eq	1.4
jenkins:parameterized_trigger	jenkins parameterized trigger	eq	1.5
jenkins:parameterized_trigger	jenkins parameterized trigger	eq	1.6
jenkins:parameterized_trigger	jenkins parameterized trigger	eq	2.0
jenkins:parameterized_trigger	jenkins parameterized trigger	eq	2.1
jenkins:parameterized_trigger	jenkins parameterized trigger	eq	2.2

Rows per page:

1-10 of 421

References

jenkins.io/security/advisory/2017-07-10/

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

21.7%

JSON

Related for CVE-2017-1000084

cvelist1 github1 prion1 osv2 nvd1