Lucene search

[email protected]CVE-2017-1000242

HistoryNov 01, 2017 - 1:29 p.m.

CVE-2017-1000242

2017-11-0113:29:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2017-1000242

jenkins

git client plugin

temporary file

insecure permissions

information disclosure

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.8 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure

Affected configurations

NVD

Node

jenkinsgit_clientRange≤2.4.2jenkins

CPENameOperatorVersion
jenkins:git_clientjenkins git clientle2.4.2

CPE	Name	Operator	Version
jenkins:git_client	jenkins git client	le	2.4.2

References

www.securityfocus.com/bid/101940

jenkins.io/security/advisory/2017-04-27/

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.8 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2017-1000242

osv2 nvd1 prion1 redhatcve1 cvelist1 github1