// For flags

CVE-2017-1000106

 

Severity Score

8.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user's authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator's GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name.

Blue Ocean permite la creación de carpetas de organización de GitHub que están configuradas para escanear una organización de GitHub en busca de repositorios y ramas que contengan un archivo Jenkins y crear las correspondientes pipelines en Jenkins. Su API REST de contenido SCM es compatible con la característica de creación y edición de pipelines en Blue Ocean. La API REST de contenido SCM no chequea la autenticación o las credenciales del usuario actual. Si la carpeta de organización de GitHub se creó con Blue Ocean, entonces retiene una referencia a las credenciales de GitHub de su creador. Esto permite a los usuarios con acceso de lectura de la carpeta de organización de GitHub crear commits arbitrarios en los repositorios de dentro de la organización de GitHub correspondiente a la carpeta de organización de GitHub con las credenciales de GitHub del creador de dicha carpeta. Además, los usuarios con acceso de lectura a la carpeta de organización de GitHub podrían leer contenidos de archivos arbitrariamente de los repositorios de dentro de la organización de GitHub que corresponde a la carpeta de organización de GitHub si la rama contuviera un archivo Jenkinsfile (que se podría crear usando la otra parte de esta vulnerabilidad), y podrían proporcional el nombre de la carpeta de organización, del repositorio, de la rama y del archivo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-10-03 CVE Reserved
  • 2017-10-04 CVE Published
  • 2024-04-25 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://jenkins.io/security/advisory/2017-08-07 2019-10-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Jenkins
Search vendor "Jenkins"
 Blue Ocean
Search vendor "Jenkins" for product "Blue Ocean"
 <= 1.1.5
Search vendor "Jenkins" for product "Blue Ocean" and version " <= 1.1.5"
jenkins
Affected
Jenkins
Search vendor "Jenkins"
 Blue Ocean
Search vendor "Jenkins" for product "Blue Ocean"
 1.2.0
Search vendor "Jenkins" for product "Blue Ocean" and version "1.2.0"
beta1, jenkins
Affected
Jenkins
Search vendor "Jenkins"
 Blue Ocean
Search vendor "Jenkins" for product "Blue Ocean"
 1.2.0
Search vendor "Jenkins" for product "Blue Ocean" and version "1.2.0"
beta2, jenkins
Affected
Jenkins
Search vendor "Jenkins"
 Blue Ocean
Search vendor "Jenkins" for product "Blue Ocean"
 1.2.0
Search vendor "Jenkins" for product "Blue Ocean" and version "1.2.0"
beta3, jenkins
Affected