8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-1000354

GHSA ID

GHSA-r57f-7xw3-q2r9

EPSS Score

0.58654%

CWE

CWE-287

Published

5/14/2022

Updated

4/19/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-1000354

CVE-2017-1000354: Improper Authentication in Jenkins

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.

(GitHub Advisory)

8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-1000354

GHSA ID

GHSA-r57f-7xw3-q2r9

EPSS Score

0.58654%

CWE

CWE-287

Published

5/14/2022

Updated

4/19/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.main:jenkins-core	maven	>= 2.50, <= 2.56	2.57
org.jenkins-ci.main:jenkins-core	maven	<= 2.46.1	2.46.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from how authentication data was stored and validated. The pre-patch implementation in ClientAuthenticationCache:

get() blindly trusted the stored encrypted username without MAC validation
set() persisted only the encrypted username without a cryptographic integrity check
The lack of HMAC allowed substitution attacks when combined with secret decryption capabilities
The test case in ClientAuthenticationCacheTest.java demonstrates how modifying the stored value could bypass authentication
The fix introduced HMACConfidentialKey to bind the username to a MAC, making tampering detectable

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins v*rsions *.** *n* **rli*r *s w*ll *s *.**.* LTS *n* **rli*r *r* vuln*r**l* to * lo*in *omm*n* w*i** *llow** imp*rson*tin* *ny J*nkins us*r. T** `lo*in` *omm*n* *v*il**l* in t** r*motin*-**s** *LI stor** t** *n*rypt** us*r n*m* o* t** su***ss*

Reasoning

T** vuln*r**ility st*mm** *rom *ow *ut**nti**tion **t* w*s stor** *n* v*li**t**. T** pr*-p*t** impl*m*nt*tion in *li*nt*ut**nti**tion*****: *. **t() *lin*ly trust** t** stor** *n*rypt** us*rn*m* wit*out M** v*li**tion *. s*t() p*rsist** only t** *n*r

8.8

Basic Information

Concerned about an active attack path?

CVE-2017-1000354: Improper Authentication in Jenkins

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI