Lucene search
GoogleOSV:GHSA-R57F-7XW3-Q2R9HistoryMay 14, 2022 - 3:44 a.m.
Improper Authentication in Jenkins
2022-05-1403:44:30
Google
osv.dev
24
jenkins
improper authentication
vulnerability
remoting-based cli
cache file
secrets
permission
EPSS
0.001
Percentile
43.6%
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.
Related
prion
prion
Design/Logic Flaw
2018-01-29 17:29:00
cve
cve
CVE-2017-1000354
2018-01-29 17:29:00
nvd
nvd
CVE-2017-1000354
2018-01-29 17:29:00
osv
osv
CVE-2017-1000354
2018-01-29 17:29:00
seebug
seebug
cvelist
cvelist
CVE-2017-1000354
2018-01-29 17:00:00
github
github
Improper Authentication in Jenkins
2022-05-14 03:44:30
ubuntucve
ubuntucve
CVE-2017-1000354
2018-01-29 00:00:00
redhatcve
redhatcve
CVE-2017-1000354
2017-05-03 08:54:02
veracode
veracode
Improper Authentication
2024-04-22 06:12:42
archlinux
archlinux
[ASA-201704-8] jenkins: multiple issues
2017-04-27 00:00:00
openvas
openvas
Jenkins Multiple Vulnerabilities (Apr 2017) - Linux
2017-04-28 00:00:00
Jenkins Multiple Vulnerabilities (Apr 2017) - Windows
2017-04-28 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2017-04-26 00:00:00
