CVE-2024-52550

Published Nov 13, 2024

Last updated 3 months ago

Overview

Description: Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.
Source: jenkinsci-cert@googlegroups.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8
Impact score: 5.9
Exploitability score: 2.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-354

Hype score: Not currently trending

CVE-2024-52550 Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt bui… https://t.co/qmZ4ago7jV
@CVEnew
13 Nov 2024
172 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References