Candidate: CVE-2017-2604
PublicDate: 2017-02-01
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2604
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01
Description:
Administrative monitors are warnings about the system state shown to
Jenkins admins. They sometimes provide actions to e.g. automatically
address the reported problem, or disable the warning. These actions
were not consistently protected by permission checks, thereby allowing
low privilege users to act on them.
All administrative monitors now require the user accessing them to be
an administrator.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Daniel Beck
Assigned-to:
Patches_jenkins:
upstream_jenkins: released (2.44, 2.32.2)
precise_jenkins: ignored (reached end-of-life)
precise/esm_jenkins: DNE (precise was needed)
trusty_jenkins: DNE
vivid/stable-phone-overlay_jenkins: DNE
vivid/ubuntu-core_jenkins: DNE
xenial_jenkins: DNE
yakkety_jenkins: DNE
zesty_jenkins: DNE
devel_jenkins: DNE