jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master…
redhat·CWE-184·Published 2018-05-15
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).
Jenkins en versiones anteriores a la 2.44 y 2.32.2 es vulnerable a una lista negra incorrecta de los archivos de metadatos de Pipeline en el subsistema de seguridad de agente-maestro. Esto podría permitir que los archivos de metadatos sean escritos por agentes maliciosos (SECURITY-358).
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.0 | 8.0 | 2.9 | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| 3.0 | Primary | NVD | 4.3 | 2.8 | 1.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| 3.0 | Primary | cve.org | 3.1 | — | — | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
| 3.0 | Primary | cve.org | 3.1 | — | — | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
| 3.0 | Secondary | NVD | 3.1 | 1.6 | 1.4 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
| 3.1 | Secondary | GHSA | 4.3 | — | — | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |