Medium severity5.3NVD Advisory· Published Oct 5, 2017· Updated Jun 17, 2026
CVE-2017-1000105
CVE-2017-1000105
Description
The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.jenkins.blueocean:blueoceanMaven | <= 1.2.4 | — |
Affected products
5cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta-1:*:*:*:jenkins:*:*+ 3 more
- cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta-1:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta-2:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta-3:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*range: <=1.1.5
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-phf8-3qgv-rg5qghsaADVISORY
- jenkins.io/security/advisory/2017-08-07/nvdVendor Advisory
- nvd.nist.gov/vuln/detail/CVE-2017-1000105ghsaADVISORY
- jenkins.io/security/advisory/2017-08-07ghsaWEB
News mentions
0No linked articles in our index yet.