Red Hat Bugzilla – Bug 1418711
CVE-2017-2602 jenkins: Pipeline metadata files not blacklisted in agent-to-master security subsystem (SECURITY-358)
Last modified: 2018-06-29 18:17:52 EDT
The following flaw was found in Jenkins:
The Pipeline suite of plugins stored build metadata in the file program.dat and the directory workflow/. These were not blacklisted in the agent-to-master security subsystem and could therefore be written to by malicious agents.
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1418736]