CVE-2017-1000356

Metadata

medium
6.8
jenkins
CVE-2017-1000356
cve.mitre.org
2018-01-29
2018-02-15 16:35
2018-02-01 19:03
2018-01-29 20:35
2017-05-10 23:55
2017-04-28 13:03

Description

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

None

Unaffected

Release Package Reason
precise jenkins ignored
precise/esm jenkins DNE
trusty jenkins DNE
vivid/stable-phone-overlay jenkins DNE
vivid/ubuntu-core jenkins DNE
xenial jenkins DNE
yakkety jenkins DNE
zesty jenkins DNE
devel jenkins DNE

Needs Triage

Release Package Reason
upstream jenkins needs-triage