Red Hat Bugzilla – Bug 1418698
CVE-2017-2599 jenkins: Items could be created with same name as existing item (SECURITY-321)
Last modified: 2018-06-29 18:17:44 EDT
The following flaw was found in Jenkins:
An insufficient permission check allowed users with the permission to create new items (e.g. jobs) to overwrite existing items they don't have access to. After a Jenkins restart, children of the original item, such as builds, were then accessible in some circumstances.
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1418736]