CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-2650

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.1%

CVSS Severity

CVSS v3 Score 8.5

CVSS v2 Score 6.0

References

http://www.securityfocus.com/bid/96981
https://jenkins.io/security/advisory/2017-03-20/
http://www.securityfocus.com/bid/96981
https://jenkins.io/security/advisory/2017-03-20/

Products affected by CVE-2017-2650

Jenkins » Pipeline Classpath Step » Version: 0.1.0

cpe:2.3:a:jenkins:pipeline_classpath_step:0.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-2650

Products

Pricing

Contact Us