CVE-2017-1000105: Missing Authorization in Jenkins Blue Ocean Plugin
4.3
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.10408%
CWE
Published
5/13/2022
Updated
1/17/2025
KEV Status
No
Technology
Java
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
io.jenkins.blueocean:blueocean | maven | <= 1.2.4 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from missing Run/Artifacts
permission checks in artifact access logic, but the provided data lacks specific code references, commit diffs, or file paths. While the advisory describes the flawed authorization mechanism, it does not explicitly name the functions
responsible for artifact retrieval or permission validation. Without concrete code examples or patch details, identifying exact vulnerable functions
with high confidence is not possible. The fix likely involved adding permission checks in artifact-serving endpoints or controllers, but these cannot be mapped to specific functions
without further technical context.