Jenkins Vulnerability: AES ECB Block Cipher Mode Without IV for Secret Encryption (SECURITY-304)

Jenkins Vulnerability: AES ECB Block Cipher Mode Without IV for Secret Encryption (SECURITY-304)

CVE-2017-2598 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

Learn more about our Web Application Penetration Testing UK.