Vulnerabilities > CVE-2017-1000105 - Missing Authorization vulnerability in Jenkins Blue Ocean

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jenkins

CWE-862

NVD

Published: 2017-10-05

Updated: 2020-08-24

Summary

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Blue Ocean 1.0.0 Jenkins Blue Ocean 1.0.1 Jenkins Blue Ocean 1.1.0 Jenkins Blue Ocean 1.1.1 Jenkins Blue Ocean 1.1.2 Jenkins Blue Ocean 1.1.3 Jenkins Blue Ocean 1.1.4 Jenkins Blue Ocean 1.1.5 Jenkins Blue Ocean 1.2.0	32

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://jenkins.io/security/advisory/2017-08-07/