Red Hat Bugzilla – Bug 1418714
CVE-2017-2604 jenkins: Low privilege users were able to act on administrative monitors (SECURITY-371)
Last modified: 2018-06-29 18:17:57 EDT
The following flaw was found in Jenkins:
Administrative monitors are warnings about the system state shown to Jenkins admins. They sometimes provide actions to e.g. automatically address the reported problem, or disable the warning. These actions were not consistently protected by permission checks, thereby allowing low privilege users to act on them.
All administrative monitors now require the user accessing them to be an administrator.
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1418736]