CVE-2017-2600
UnknownEPSS 1.10%
Last modified
CVE-2017-2600 is a vulnerability of currently unknown severity. In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).. EPSS estimates a 1.10% chance of exploitation in the next 30 days.
Description
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | < 2.44 |
| Jenkins | Jenkins | < 2.32.2 |
References
- http://www.securityfocus.com/bid/95954Third Party Advisory, VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600Issue Tracking, Patch
- https://jenkins.io/security/advisory/2017-02-01/Vendor Advisory
- http://www.securityfocus.com/bid/95954Third Party Advisory, VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600Issue Tracking, Patch
- https://jenkins.io/security/advisory/2017-02-01/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-2600?
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).
How severe is CVE-2017-2600?
Severity scoring for CVE-2017-2600 is pending analysis. The EPSS model estimates a 1.10% probability of exploitation in the next 30 days.
How do I fix CVE-2017-2600?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2017-2600?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST