New vulnerability on the NVD: CVE-2017-1000354

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.

Published at: January 29, 2018 at 10:29PM

Comments

Post a Comment

Popular posts from this blog

Detours for Bus Routes 23 and 103 on Saturday, Sept. 3 and Detours for Bus Routes 22, 200, 202, 203, 224, 238, 250 and 251 on Monday, Sept. 5

Bus routes 23 and 103 on detour on Saturday, Sept. 3 from 7 to 11 p.m. during the Dallas GSWS closing ceremony block party at the historic Crossroads on Cedar Springs. Bus routes 22, 200, 202, 203, 224, 238, 250 and 251 will be on detour during the Garland Labor Day Parade on Monday, Sept. 5 from 9 to 11:30 a.m. Reminder: DART buses and light rail will operate on a weekend schedule for the Labor Day holiday on Monday, Sept. 5. More information available at https://ift.tt/lst5vcZ
Read more

DART Announces 2022 Labor Day Schedule

Dallas Area Rapid Transit (DART) will operate on the following schedule for the Labor Day holiday on Monday, September 5. DART Buses and Light Rail: Operating on a weekend schedule. (Route 402 NorthPark Shuttle and Route 883 UTD Comet Cruiser will operate on a Sunday schedule.) The Trinity Railway Express (TRE): No service. DART GoLink: GoLink will operate only in zones that provide Sunday service. These zones include Northwest Dallas, Inland Port, Rylie, West Dallas, North Dallas, North Central Dallas and Park Cities. Service will be unavailable in all other zones. More information available at https://ift.tt/9m8w7MV
Read more

DART Announces Changes to Bus and GoLink Services Beginning Monday, September 26

DART continues to closely monitor both the New Bus Network and evolving GoLink on-demand system to provide prompt response to customer feedback and maintain safe and dependable service. Listed below are routes with a number of improvements and adjustments. Some of these changes have already taken effect or will become effective on Monday, September 26, 2022. For more information about these changes, please visit dart.org/servicechange. Bus Route Changes: Routes 45, 224, 230, 383, 436, 442. Schedule Adjustments: Routes 13, 45, 218, 222, 230, 232 and 235. Bus Bay Modifications: Hatcher Station, Addison Transit Center. GoLink Changes: Keller Springs GoLink, Preston Hollow GoLink
Read more