CVE-2017-2599: Improper Privilege Management

April 11, 2018 (updated October 9, 2019)

Jenkins is vulnerable to an insufficient permission check. This allows users with permissions to create new items to overwrite existing items they don’t have access to.

References

www.securityfocus.com/bid/95949
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2599
jenkins.io/security/advisory/2017-02-01/
nvd.nist.gov/vuln/detail/CVE-2017-2599

Code Behaviors & Features

Detect and mitigate CVE-2017-2599 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →