We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-52549



Description

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system.

Reserved 2024-11-12 | Published 2024-11-13 | Updated 2024-11-13 | Assigner jenkins

Product status

Default status
unaffected

Any version
affected

1365.v4778ca_84b_de5
affected

1366.vd44b_49a_5c85c
affected

References

www.jenkins.io/security/advisory/2024-11-13/ (Jenkins Security Advisory 2024-11-13) vendor-advisory

cve.org (CVE-2024-52549)

nvd.nist.gov (CVE-2024-52549)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-52549

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.