Published: 29/01/2018 Updated: 15/02/2018

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Jenkins versions 2.56 and previous versions as well as 2.46.1 LTS and previous versions are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins jenkins

Jenkins versions 256 and earlier as well as 2461 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands Users with sufficient ...

The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (eg with Job/Configure permission), were able to impersonate any other ...

CWE-287 https://jenkins.io/security/advisory/2017-04-26/http://www.securityfocus.com/bid/98065 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-1000354 https://security.archlinux.org/CVE-2017-1000354

CVE-2017-1000354

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect