CVE-2017-1000391
Description
Jenkins versions 2.88 and earlier and 2.73.2 and earlier store metadata related to 'people', which encompasses actual user accounts as well as users appearing in SCM, in directories on disk corresponding to the user ID. These directories used the user ID as their name without additional escaping, potentially resulting in problems such as the overwriting of unrelated configuration files.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.main:jenkins-core (Maven) | < 2.73.3 | 2.73.3 |
| org.jenkins-ci.main:jenkins-core (Maven) | >= 2.74, < 2.89 | 2.89 |
Affected products
1
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (6)
- github.com/advisories/GHSA-wfj3-535m-p6fx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-1000391 (ghsa, ADVISORY)
- www.securityfocus.com/bid/101773 (ghsa, vdb-entry, x_refsource_BID, WEB)
- github.com/jenkinsci/jenkins/commit/566a8ddb885f0bef9bc848e60455c0aabbf0c1d3 (ghsa, WEB)
- jenkins.io/security/advisory/2017-11-08 (ghsa, WEB)
- jenkins.io/security/advisory/2017-11-08/ (mitre, x_refsource_CONFIRM)