Home

CVE-2017-1000356

Description

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
8.667

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Jenkins 2.56Windows
Vulnerabilities CVE-2017-1000355,CVE-2017-1000356,CVE-2017-1000354,CVE-2017-1000353 are fixed in Jenkins-Core 2.57Windows
Vulnerabilities CVE-2017-1000355,CVE-2017-1000356,CVE-2017-1000354,CVE-2017-1000353 are fixed in Jenkins-Core 2.46.2Windows
Multiple vulnerabilities affected in Jenkins 2.56 (For Ubuntu)Linux
Multiple vulnerabilities affected in Jenkins 2.56 (For Debian)Linux
Multiple vulnerabilities affected in Jenkins 2.56 (For Centos)Linux
Multiple vulnerabilities affected in Jenkins 2.56 (For RedHat)Linux
Multiple vulnerabilities affected in Jenkins 2.56 (For Suse)Linux
Vulnerabilities CVE-2017-1000355,CVE-2017-1000356,CVE-2017-1000354,CVE-2017-1000353 are fixed in Jenkins-Core for Linux 2.57Linux
Vulnerabilities CVE-2017-1000355,CVE-2017-1000356,CVE-2017-1000354,CVE-2017-1000353 are fixed in Jenkins-Core for Linux 2.46.2Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234