CVE-2017-1000108
high
CVSS v3
7.5
CVSS v2
5.0
VIR risk
7.5
Description
Jenkins Pipeline: Input Step Plugin
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://jenkins.io/security/advisory/2017-08-07/
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.jenkins-ci.plugins:pipeline-input-step | <2.7 | 2.7 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| jenkins | pipeline-input-step | 2.0 | |
| jenkins | pipeline-input-step | 2.1 | |
| jenkins | pipeline-input-step | 2.2 | |
| jenkins | pipeline-input-step | 2.3 | |
| jenkins | pipeline-input-step | 2.4 | |
| jenkins | pipeline-input-step | 2.5 | |
| jenkins | pipeline-input-step | 2.6 | |
| jenkins | pipeline-input-step | 2.7 | |
References
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.