CVE-2024-52550

Summary

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Pipeline: Groovy Plugin0 <= 3975.v567e2a_1ffa_22affected
Jenkins ProjectJenkins Pipeline: Groovy Plugin3990.vd281dd77a_388affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References