Medium severity4.3NVD Advisory· Published May 8, 2018· Updated Jun 17, 2026
CVE-2017-2611
CVE-2017-2611
Description
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | < 2.44 | 2.44 |
Affected products
2- unspecified/jenkinsv5Range: jenkins 2.44
Patches
Vulnerability mechanics
References
7- www.securityfocus.com/bid/95956nvdThird Party AdvisoryVDB EntryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-3297-944x-j7x7ghsaADVISORY
- github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86nvdThird Party AdvisoryWEB
- jenkins.io/security/advisory/2017-02-01/nvdVendor Advisory
- nvd.nist.gov/vuln/detail/CVE-2017-2611ghsaADVISORY
- jenkins.io/security/advisory/2017-02-01ghsaWEB
News mentions
0No linked articles in our index yet.