CVE-2017-2611
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-2611
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不恰当实现的标准安全检查
Source: NVD (National Vulnerability Database)
Vulnerability Title
CloudBees Jenkins 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CloudBees Jenkins是美国CloudBees公司的一款基于Java开发的开源的、可持续集成的自动化服务器,它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。LTS(Long-Term Support)是CloudBees Jenkins的一个长期支持版本。 CloudBees Jenkins 2.44之前版本和2.32.2之前版本中存在安全漏洞,该漏洞源于/workspaceCleanup和/fingerprintCleanup URLs没有对周期性进程执行权限检测。远程攻击者
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| unspecified | jenkins | jenkins 2.44 | - |
II. Public POCs for CVE-2017-2611
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-2611
请登录查看更多情报信息。
- 🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611x_refsource_CONFIRM
- 🔗 https://jenkins.io/security/advisory/2017-02-01/x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2017-2611
Same Patch Batch · unspecified · 2018-05-08 · 4 CVEs total
| CVE-2017-2606 | CloudBees Jenkins 信息泄露漏洞 | |
| CVE-2017-2592 | OpenStack oslo.middleware 信息泄露漏洞 | |
| CVE-2017-2594 | hawtio 路径遍历漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-358
- CVE-2025-31983
HCL BigFix Service Management (SM) is affected by a security - CVE-2025-31970
HCL DFXAnalytics is affected by an Insecure Security Header - CVE-2026-22618
Eaton Intelligent Power Protector 安全漏洞 - CVE-2026-35679
Zcash 安全特征问题漏洞 - CVE-2026-2645
Acceptance of CertificateVerify Message before ClientKeyExch
V. Comments for CVE-2017-2611
No comments yet