Lucene search
GoogleOSV:CVE-2017-1000354HistoryJan 29, 2018 - 5:29 p.m.
CVE-2017-1000354
2018-01-2917:29:00
Google
osv.dev
11
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.
Related
prion
prion
Design/Logic Flaw
2018-01-29 17:29:00
cve
cve
CVE-2017-1000354
2018-01-29 17:29:00
nvd
nvd
CVE-2017-1000354
2018-01-29 17:29:00
osv
osv
Improper Authentication in Jenkins
2022-05-14 03:44:30
seebug
seebug
cvelist
cvelist
CVE-2017-1000354
2018-01-29 17:00:00
github
github
Improper Authentication in Jenkins
2022-05-14 03:44:30
ubuntucve
ubuntucve
CVE-2017-1000354
2018-01-29 00:00:00
redhatcve
redhatcve
CVE-2017-1000354
2017-05-03 08:54:02
veracode
veracode
Improper Authentication
2024-04-22 06:12:42
archlinux
archlinux
[ASA-201704-8] jenkins: multiple issues
2017-04-27 00:00:00
openvas
openvas
Jenkins Multiple Vulnerabilities (Apr 2017) - Linux
2017-04-28 00:00:00
Jenkins Multiple Vulnerabilities (Apr 2017) - Windows
2017-04-28 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2017-04-26 00:00:00
