CVE-2017-1000354

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.

Published: Jan 29, 2018
Updated: May 9, 2024
CVE: CVE-2017-1000354
GHSA: GHSA-r57f-7xw3-q2r9
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
jenkins / jenkins	-	2.56.x
jenkins / jenkins	-	2.46.1.x
org.jenkins-ci.main / jenkins-core	2.50	2.57
org.jenkins-ci.main / jenkins-core	-	2.46.2

Vulnerability Database

289,599

CVE-2017-1000354