Lucene search
Redhat.comRH:CVE-2017-1000362HistoryJul 25, 2017 - 8:09 a.m.
CVE-2017-1000362
2017-07-2508:09:55
redhat.com
access.redhat.com
15
EPSS
0.002
Percentile
64.7%
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present.
Related
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
2022-05-17 02:25:41
osv
osv
CVE-2017-1000362
2017-07-17 13:18:18
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
2022-05-17 02:25:41
cve
cve
CVE-2017-1000362
2017-07-17 13:18:18
CVE-2017-2605
2017-07-24 17:29:00
cvelist
cvelist
CVE-2017-1000362
2017-07-13 20:00:00
nvd
nvd
CVE-2017-1000362
2017-07-17 13:18:18
CVE-2017-2605
2017-07-24 17:29:00
prion
prion
Directory traversal
2017-07-17 13:18:00
openvas
openvas
Jenkins Multiple Vulnerabilities (Feb 2017) - Linux
2017-03-13 00:00:00
Jenkins Multiple Vulnerabilities (Feb 2017) - Windows
2017-03-13 00:00:00
nessus
nessus