Jenkins Vulnerability: AES ECB Block Cipher Mode Without IV for Secret Encryption (SECURITY-304)
CVE-2017-2598 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
Learn more about our Web Application Penetration Testing UK.