Missing Permissions Check in Jenkins Update Site Metadata Update

Missing Permissions Check in Jenkins Update Site Metadata Update

CVE-2016-3725 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).

Learn more about our User Device Pen Test.