CVE-2017-2602 LOW

CVE-2017-2602

Vendor [Unknown]
Product jenkins
Weakness CWE-184
Published May 15, 2018
Last update August 5, 2024

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).

Key dates

02Disclosure timeline

May 15, 2018 CVE published
August 5, 2024 Record updated