CVE-2024-52550

Name
CVE-2024-52550
Description
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3362

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:jenkins:pipeline\:_groovy:*:*:*:*:*:jenkins:*:* jenkins >= None < 3975.3977.v478dd9e956c3
cpe:2.3:a:jenkins:pipeline\:_groovy:3990.vd281dd77a_388:*:*:*:*:jenkins:*:* jenkins == None == _groovy

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
jenkins edge-community 2.516.1-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
jenkins edge-community 2.479.1-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
jenkins edge-community 2.479.1-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
jenkins 3.22-community 2.479.1-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
jenkins 3.22-community 2.479.1-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable