Medium severity5.3NVD Advisory· Published Oct 5, 2017· Updated May 13, 2026

CVE-2017-1000089

Description

Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci.plugins:pipeline-build-stepMaven	< 2.5.1	2.5.1

Affected products

Jenkins/Pipeline\
cpe:2.3:a:jenkins:pipeline\:_build_step:*:*:*:*:*:jenkins:*:*
Range: <=2.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-8jx9-7j5m-79x4ghsaADVISORY
jenkins.io/security/advisory/2017-07-10/nvdVendor Advisory
nvd.nist.gov/vuln/detail/CVE-2017-1000089ghsaADVISORY
jenkins.io/security/advisory/2017-07-10ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000