CVE-2017-2652

CVE-2017-2652

Vendor Jenkins Project
Product DistFork Jenkins plugin
Weakness CWE-862 · Missing authorization
Published July 27, 2018
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.

Key dates

02Disclosure timeline

July 27, 2018 CVE published
September 16, 2024 Record updated