1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Candidate: CVE-2017-2611
PublicDate: 2017-02-01
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2611
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01
Description:
The URLs /workspaceCleanup and /fingerprintCleanup did not perform
permission checks, allowing users with read access to Jenkins to
trigger these background processes (that are otherwise performed daily),
possibly causing additional load on Jenkins master and agents.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Robert Picard
Assigned-to:
Patches_jenkins:
upstream_jenkins: released (2.44, 2.32.2)
precise_jenkins: ignored (reached end-of-life)
precise/esm_jenkins: DNE (precise was needed)
trusty_jenkins: DNE
vivid/stable-phone-overlay_jenkins: DNE
vivid/ubuntu-core_jenkins: DNE
xenial_jenkins: DNE
yakkety_jenkins: DNE
zesty_jenkins: DNE
devel_jenkins: DNE
|