3.3

CVSS Score

3.0

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-1000242

CVE-2017-1000242: Insecure temporary file usage in Jenkins Git Client Plugin

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2017-1000242

CVE-2017-1000242:

3.3

CVSS Score

3.0

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:git-client	maven	< 2.4.3	2.4.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from using File.createTempFile() without proper permission controls. The commit diff shows multiple instances where this insecure method was replaced with a new createTempFile() method that sets restrictive permissions (rw-------) and uses workspace-adjacent storage when available. Each identified function was modified in the patch to use the secure alternative, confirming they previously used vulnerable temporary file creation patterns. The functions handled sensitive operations like credential storage and Git operations, making them high-risk targets for information disclosure through temporary file interception.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

3.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2017-1000242: Insecure temporary file usage in Jenkins Git Client Plugin

CVE-2017-1000242:

3.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

Technical Details

3.3

3.3

Basic Information

Basic Information

CVE-2017-1000242: Insecure temporary file usage in Jenkins Git Client Plugin

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

3.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2017-1000242: Insecure temporary file usage in Jenkins Git Client Plugin

CVE-2017-1000242:

3.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

3.3

3.3

Basic Information

Basic Information

CVE-2017-1000242: Insecure temporary file usage in Jenkins Git Client Plugin

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI