Overview
- Description
- Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection.
- Source
- jenkinsci-cert@googlegroups.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-862
Social media
- Hype score
- Not currently trending
CVE-2024-52554 Jenkins is an open source automation server which enables developers around the world to reliably build, test, and deploy their software. The following releases contain fixes for security vulnerabi... https://t.co/SiElRfhCGq
@VulmonFeeds
13 Nov 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-52554 Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the S… https://t.co/FKyYpZO8TU
@CVEnew
13 Nov 2024
147 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes