CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-1000090

Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.8%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

Products affected by CVE-2017-1000090

Jenkins » Role-Based Authorization Strategy » Version: 1.0

cpe:2.3:a:jenkins:role-based_authorization_strategy:1.0
Jenkins » Role-Based Authorization Strategy » Version: 1.1

cpe:2.3:a:jenkins:role-based_authorization_strategy:1.1
Jenkins » Role-Based Authorization Strategy » Version: 1.1.1

cpe:2.3:a:jenkins:role-based_authorization_strategy:1.1.1
Jenkins » Role-Based Authorization Strategy » Version: 1.1.2

cpe:2.3:a:jenkins:role-based_authorization_strategy:1.1.2
Jenkins » Role-Based Authorization Strategy » Version: 1.1.3

cpe:2.3:a:jenkins:role-based_authorization_strategy:1.1.3
Jenkins » Role-Based Authorization Strategy » Version: 2.1.0

cpe:2.3:a:jenkins:role-based_authorization_strategy:2.1.0
Jenkins » Role-Based Authorization Strategy » Version: 2.2.0

cpe:2.3:a:jenkins:role-based_authorization_strategy:2.2.0
Jenkins » Role-Based Authorization Strategy » Version: 2.3.0

cpe:2.3:a:jenkins:role-based_authorization_strategy:2.3.0
Jenkins » Role-Based Authorization Strategy » Version: 2.3.1

cpe:2.3:a:jenkins:role-based_authorization_strategy:2.3.1
Jenkins » Role-Based Authorization Strategy » Version: 2.3.2

cpe:2.3:a:jenkins:role-based_authorization_strategy:2.3.2
Jenkins » Role-Based Authorization Strategy » Version: 2.4.0

cpe:2.3:a:jenkins:role-based_authorization_strategy:2.4.0
Jenkins » Role-Based Authorization Strategy » Version: 2.5.0

cpe:2.3:a:jenkins:role-based_authorization_strategy:2.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-1000090

Products

Pricing

Contact Us