CVE-2024-43045

Summary

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins2.452.4 < 2.452.*unaffected
Jenkins ProjectJenkins2.462.1 < 2.462.*unaffected
Jenkins ProjectJenkins2.471 < *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References