Lucene search
GoogleOSV:CVE-2017-1000362HistoryJul 17, 2017 - 1:18 p.m.
CVE-2017-1000362
2017-07-1713:18:18
Google
osv.dev
10
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present.
References
Related
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
2022-05-17 02:25:41
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
2022-05-17 02:25:41
prion
prion
Directory traversal
2017-07-17 13:18:00
cve
cve
CVE-2017-1000362
2017-07-17 13:18:18
CVE-2017-2605
2017-07-24 17:29:00
nvd
nvd
CVE-2017-1000362
2017-07-17 13:18:18
CVE-2017-2605
2017-07-24 17:29:00
redhatcve
redhatcve
CVE-2017-1000362
2017-07-25 08:09:55
cvelist
cvelist
CVE-2017-1000362
2017-07-13 20:00:00
openvas
openvas
Jenkins Multiple Vulnerabilities (Feb 2017) - Linux
2017-03-13 00:00:00
Jenkins Multiple Vulnerabilities (Feb 2017) - Windows
2017-03-13 00:00:00
nessus
nessus