CVE-2024-23901
Published 2024-01-24
Medium 6.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gitlab | gitlab | — | — |
| jenkins | git_server_plugin | — | — |
| jenkins | github_branch_source | <= 684.vea_fa_7c1e2fe3 | — |
| jenkins | gitlab_branch_source_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_uses_the_strict_crumb_issuer_plugin | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | log_command_plugin | — | — |
| jenkins | matrix_project_plugin | — | — |
| jenkins | qualys_policy_compliance_scanning_connector_plugin | — | — |
| jenkins | red_hat_dependency_analytics_plugin | — | — |
| jenkins_project | jenkins_gitlab_branch_source_plugin | <= 684.vea_fa_7c1e2fe3 | — |