CVE-2017-1000108
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
05/10/2017
Last modified:
20/04/2025
Description
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:jenkins:pipeline-input-step:2.0:*:*:*:*:jenkins:*:* | ||
cpe:2.3:a:jenkins:pipeline-input-step:2.1:*:*:*:*:jenkins:*:* | ||
cpe:2.3:a:jenkins:pipeline-input-step:2.2:*:*:*:*:jenkins:*:* | ||
cpe:2.3:a:jenkins:pipeline-input-step:2.3:*:*:*:*:jenkins:*:* | ||
cpe:2.3:a:jenkins:pipeline-input-step:2.4:*:*:*:*:jenkins:*:* | ||
cpe:2.3:a:jenkins:pipeline-input-step:2.5:*:*:*:*:jenkins:*:* | ||
cpe:2.3:a:jenkins:pipeline-input-step:2.6:*:*:*:*:jenkins:*:* | ||
cpe:2.3:a:jenkins:pipeline-input-step:2.7:*:*:*:*:jenkins:*:* |
To consult the complete list of CPE names with products and versions, see this page