CVE-2017-2598

medium

Description

Jenkins versions before 2.44 and 2.32.2 use AES in ECB block cipher mode, without an IV, to encrypt secrets, which exposes Jenkins and the stored secrets to unnecessary risk (SECURITY-304).

References

https://jenkins.io/security/advisory/2017-02-01/

https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598

http://www.securityfocus.com/bid/95948

Details

Source: Mitre, NVD

Published: 2018-05-23

Updated: 2019-10-09

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium