cve-2017-1000106
Vulnerability from cvelistv5
Published
2017-10-04 01:00
Modified
2024-09-16 22:25
Severity ?
Summary
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user's authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator's GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name.
References
cve@mitre.orghttps://jenkins.io/security/advisory/2017-08-07/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jenkins.io/security/advisory/2017-08-07/Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.750Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jenkins.io/security/advisory/2017-08-07/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user\u0027s authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator\u0027s GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-04T01:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jenkins.io/security/advisory/2017-08-07/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.320737",
          "ID": "CVE-2017-1000106",
          "REQUESTER": "ml@beckweb.net",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user\u0027s authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator\u0027s GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jenkins.io/security/advisory/2017-08-07/",
              "refsource": "CONFIRM",
              "url": "https://jenkins.io/security/advisory/2017-08-07/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000106",
    "datePublished": "2017-10-04T01:00:00Z",
    "dateReserved": "2017-10-03T00:00:00Z",
    "dateUpdated": "2024-09-16T22:25:53.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*\", \"versionEndIncluding\": \"1.1.5\", \"matchCriteriaId\": \"D150C651-522E-42A1-ADCC-39BC617320D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta1:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"C8C86EC1-0245-4520-B32F-FD3E7C87DA36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta2:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"DA52B765-C1B0-4B18-AF95-F69834DD8E21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta3:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"8DB857A7-F54C-4F0F-98A0-26B229B65ACF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user\u0027s authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator\u0027s GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name.\"}, {\"lang\": \"es\", \"value\": \"Blue Ocean permite la creaci\\u00f3n de carpetas de organizaci\\u00f3n de GitHub que est\\u00e1n configuradas para escanear una organizaci\\u00f3n de GitHub en busca de repositorios y ramas que contengan un archivo Jenkins y crear las correspondientes pipelines en Jenkins. Su API REST de contenido SCM es compatible con la caracter\\u00edstica de creaci\\u00f3n y edici\\u00f3n de pipelines en Blue Ocean. La API REST de contenido SCM no chequea la autenticaci\\u00f3n o las credenciales del usuario actual. Si la carpeta de organizaci\\u00f3n de GitHub se cre\\u00f3 con Blue Ocean, entonces retiene una referencia a las credenciales de GitHub de su creador. Esto permite a los usuarios con acceso de lectura de la carpeta de organizaci\\u00f3n de GitHub crear commits arbitrarios en los repositorios de dentro de la organizaci\\u00f3n de GitHub correspondiente a la carpeta de organizaci\\u00f3n de GitHub con las credenciales de GitHub del creador de dicha carpeta. Adem\\u00e1s, los usuarios con acceso de lectura a la carpeta de organizaci\\u00f3n de GitHub podr\\u00edan leer contenidos de archivos arbitrariamente de los repositorios de dentro de la organizaci\\u00f3n de GitHub que corresponde a la carpeta de organizaci\\u00f3n de GitHub si la rama contuviera un archivo Jenkinsfile (que se podr\\u00eda crear usando la otra parte de esta vulnerabilidad), y podr\\u00edan proporcional el nombre de la carpeta de organizaci\\u00f3n, del repositorio, de la rama y del archivo.\"}]",
      "id": "CVE-2017-1000106",
      "lastModified": "2024-11-21T03:04:10.557",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N\", \"baseScore\": 8.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 4.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:N\", \"baseScore\": 5.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-10-05T01:29:04.273",
      "references": "[{\"url\": \"https://jenkins.io/security/advisory/2017-08-07/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jenkins.io/security/advisory/2017-08-07/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-1000106\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-10-05T01:29:04.273\",\"lastModified\":\"2024-11-21T03:04:10.557\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user\u0027s authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator\u0027s GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name.\"},{\"lang\":\"es\",\"value\":\"Blue Ocean permite la creaci\u00f3n de carpetas de organizaci\u00f3n de GitHub que est\u00e1n configuradas para escanear una organizaci\u00f3n de GitHub en busca de repositorios y ramas que contengan un archivo Jenkins y crear las correspondientes pipelines en Jenkins. Su API REST de contenido SCM es compatible con la caracter\u00edstica de creaci\u00f3n y edici\u00f3n de pipelines en Blue Ocean. La API REST de contenido SCM no chequea la autenticaci\u00f3n o las credenciales del usuario actual. Si la carpeta de organizaci\u00f3n de GitHub se cre\u00f3 con Blue Ocean, entonces retiene una referencia a las credenciales de GitHub de su creador. Esto permite a los usuarios con acceso de lectura de la carpeta de organizaci\u00f3n de GitHub crear commits arbitrarios en los repositorios de dentro de la organizaci\u00f3n de GitHub correspondiente a la carpeta de organizaci\u00f3n de GitHub con las credenciales de GitHub del creador de dicha carpeta. Adem\u00e1s, los usuarios con acceso de lectura a la carpeta de organizaci\u00f3n de GitHub podr\u00edan leer contenidos de archivos arbitrariamente de los repositorios de dentro de la organizaci\u00f3n de GitHub que corresponde a la carpeta de organizaci\u00f3n de GitHub si la rama contuviera un archivo Jenkinsfile (que se podr\u00eda crear usando la otra parte de esta vulnerabilidad), y podr\u00edan proporcional el nombre de la carpeta de organizaci\u00f3n, del repositorio, de la rama y del archivo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":4.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:N\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*\",\"versionEndIncluding\":\"1.1.5\",\"matchCriteriaId\":\"D150C651-522E-42A1-ADCC-39BC617320D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta1:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"C8C86EC1-0245-4520-B32F-FD3E7C87DA36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta2:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"DA52B765-C1B0-4B18-AF95-F69834DD8E21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta3:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"8DB857A7-F54C-4F0F-98A0-26B229B65ACF\"}]}]}],\"references\":[{\"url\":\"https://jenkins.io/security/advisory/2017-08-07/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jenkins.io/security/advisory/2017-08-07/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.