Description

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.

INFO

Published Date :

2024-11-13T20:53:00.972Z

Last Modified :

2024-11-26T14:45:03.205Z

Source :

jenkins
AFFECTED PRODUCTS

The following products are affected by CVE-2024-52550 vulnerability.

Vendors Products
Jenkins
  • Groovy
  • Pipeline\
Redhat
  • Ocp Tools
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-52550.

URL Resource
https://nvd.nist.gov/vuln/detail/CVE-2024-52550 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-52550 cve-icon
https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3362 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact