{
  "threat_severity" : "Moderate",
  "public_date" : "2017-02-01T00:00:00Z",
  "bugzilla" : {
    "description" : "jenkins: Items could be created with same name as existing item (SECURITY-321)",
    "id" : "1418698",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1418698"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.4",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-863",
  "details" : [ "Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321)." ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Enterprise 2",
    "fix_state" : "Under investigation",
    "package_name" : "jenkins",
    "cpe" : "cpe:/a:redhat:openshift:2"
  }, {
    "product_name" : "Red Hat OpenShift Enterprise 3",
    "fix_state" : "Under investigation",
    "package_name" : "jenkins",
    "cpe" : "cpe:/a:redhat:openshift:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-2599\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2599\nhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01" ],
  "name" : "CVE-2017-2599",
  "csaw" : false
}