CVE-2017-1000104

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-1000104
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000104.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000104
Aliases
Published
2017-10-05T01:29:04Z
Modified
2024-09-03T01:33:23.616501Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to directly access URLs that allowed viewing these files. Viewing these files now requires sufficient permissions to configure the provided files, permission to view the configuration of the folder in which the configuration files are defined, or Job/Configure permission on a job able to use these files.

References

Affected packages

Git / github.com/jenkinsci/config-file-provider-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/config-file-provider-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

2.*

2.8.1

config-file-provider-1.*

config-file-provider-1.0
config-file-provider-1.1
config-file-provider-1.2
config-file-provider-1.4
config-file-provider-1.5
config-file-provider-1.6
config-file-provider-1.6.1
config-file-provider-1.9.1

config-file-provider-2.*

config-file-provider-2.0
config-file-provider-2.1
config-file-provider-2.1.1
config-file-provider-2.10.0
config-file-provider-2.10.1
config-file-provider-2.11
config-file-provider-2.12
config-file-provider-2.13
config-file-provider-2.14-beta
config-file-provider-2.14.1-beta
config-file-provider-2.14.2-beta
config-file-provider-2.15
config-file-provider-2.15.1
config-file-provider-2.15.2-beta
config-file-provider-2.15.3
config-file-provider-2.15.3-beta
config-file-provider-2.15.4
config-file-provider-2.15.5
config-file-provider-2.15.6
config-file-provider-2.15.7
config-file-provider-2.16.0
config-file-provider-2.16.1
config-file-provider-2.2.1
config-file-provider-2.3
config-file-provider-2.4
config-file-provider-2.5
config-file-provider-2.5.1
config-file-provider-2.6
config-file-provider-2.6.1
config-file-provider-2.6.2
config-file-provider-2.7
config-file-provider-2.7.1
config-file-provider-2.7.2
config-file-provider-2.7.3
config-file-provider-2.7.4
config-file-provider-2.7.5
config-file-provider-2.9.1
config-file-provider-2.9.2
config-file-provider-2.9.3

config-provider-model-1.*

config-provider-model-1.0
config-provider-model-1.1
config-provider-model-1.2
config-provider-model-1.3
config-provider-model-1.3.1
config-provider-model-1.3.2
config-provider-model-1.3.3
config-provider-model-1.3.4