CVE-2024-52551

Aliases:GHSA-p2qq-c693-q53w
Advisory lineage Upstream: 0 Downstream: 6
Analyzed
Published: 13 Nov 2024, 20:53
Last modified:14 Nov 2024, 15:05

Vulnerability Summary

Overall Risk (default)
medium
32/100
CVSS Score
8 HIGH
v3.1 (cve.org)
EPSS Score
0.55% LOW
1% probability +0.14%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

13 Nov 2024, 20:53
Published
Vulnerability first disclosed
14 Nov 2024, 15:05
Last Modified
Vulnerability information updated

Description

Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved.

CVSS Metrics

  • v3.1HIGHScore: 8CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.55% Percentile: 68%

Techniques & Countermeasures

  • CWE-276Incorrect Default Permissions

    During installation, installed file permissions are set to allow anyone to modify those files.

Affected Systems

  • jenkins projectjenkins pipeline: declarative plugin

    ≤ 2.2214.vb_b_34b_2ea_9b_83

  • org.jenkinsci.pluginspipeline-model-parent

    < 2.2218.v56d0cda

References (3)