CVE-2017-2604: Improper Authentication

May 15, 2018 (updated October 9, 2019)

In Jenkins, low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks.

References

www.securityfocus.com/bid/95959
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604
jenkins.io/security/advisory/2017-02-01/
nvd.nist.gov/vuln/detail/CVE-2017-2604

Code Behaviors & Features

Detect and mitigate CVE-2017-2604 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →