CVE-2017-2652
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2017-2652. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.
Available Exploits
Related News
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Missing permission checks in Jenkins Distributed Fork Plugin
GHSA-2cm5-f78c-h2c8Advisory Details
Affected Packages
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: January 30, 2024