CVE-2017-2652
CVE-2017-2652
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 1.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
27 jul 2018Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.
Productos afectados
Jenkins project · DistFork Jenkins plugin¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →