CVE-2017-2652
N/A
N/A
Summary
It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jenkins project | DistFork Jenkins plugin | <=1.5.0 | affected |
Weaknesses
- CWE-862: CWE-862
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.