Base Score

LOW3.5

CVE-2017-2603

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).

VectorNETWORK

Published Bysecalert@redhat.com

Published DateMay 15, 2018, 21:29

Affected Versions(2)

org.jenkins-ci.main:jenkins-core(Maven)

Introduced0

Fixed2.32.2

LimitN/A

org.jenkins-ci.main:jenkins-core(Maven)

Introduced2.34

Fixed2.44

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.jenkins-ci.main:jenkins-core(Maven)	0	2.32.2	N/A
org.jenkins-ci.main:jenkins-core(Maven)	2.34	2.44	N/A

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

3.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Base Severity

LOW

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE

References

Base Score

LOW3.5

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

3.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Base Severity

LOW

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE