Published: 29/01/2018 Updated: 15/02/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Jenkins versions 2.56 and previous versions as well as 2.46.1 LTS and previous versions are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins jenkins

Jenkins versions 256 and earlier as well as 2461 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts ...

Multiple Cross-Site Request Forgery vulnerabilities in Jenkins allowed malicious users to perform several administrative actions by tricking a victim into opening a web page The most notable ones: SECURITY-412: Restart Jenkins immediately, after all builds are finished, or after all plugin installations and builds are finished SECURITY-412: Sched ...

CWE-352 https://jenkins.io/security/advisory/2017-04-26/http://www.securityfocus.com/bid/98062 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-1000356 https://security.archlinux.org/CVE-2017-1000356

CVE-2017-1000356

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect