CVE-2024-52549
Published 2024-11-13
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | authorize_project_plugin | — | — |
| jenkins | declarative_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | ivytrigger_plugin | — | — |
| jenkins | openid_connect_authentication_plugin | — | — |
| jenkins | script_security | < 1362.1364.v4cf2dc5d8776 | 1362.1364.v4cf2dc5d8776 |
| jenkins | script_security | — | — |
| jenkins | script_security | >= 1366.vd44b_49a_5c85c < 1367.vdf2fc45f229c | 1367.vdf2fc45f229c |
| jenkins | script_security_plugin | — | — |
| jenkins | shared_library_version_override_plugin | — | — |
| jenkins_project | jenkins_script_security_plugin | <= 1362.v67dc1f0e1b_b_3 | — |
| jenkins_project | jenkins_script_security_plugin | — | — |
| jenkins_project | jenkins_script_security_plugin | 1366.vd44b_49a_5c85c – 1367.vdf2fc45f229c | — |