CVE-2017-2652: Improper Authentication

July 27, 2018 (updated October 9, 2019)

The Distributed Fork plugin for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.

References

www.securityfocus.com/bid/96980
jenkins.io/security/advisory/2017-03-20/
nvd.nist.gov/vuln/detail/CVE-2017-2652

Detect and mitigate CVE-2017-2652 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →