CVE-2017-2598

Summary

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]jenkinsjenkins 2.44affected
[UNKNOWN]jenkinsjenkins 2.32.2affected

Weaknesses

  • CWE-325: CWE-325

ADP Enrichment

CVE Program Container

Additional References

References