CVE-2024-52551

Name
CVE-2024-52551
Description
Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vendor-advisory https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3361

Match rules

CPE URI Source package Min version Max version
jenkins-pipeline:-declarative-plugin >= 0 <= 2.2214.vb_b_34b_2ea_9b_83
cpe:2.3:a:jenkins_project:jenkins_pipeline_declaratrive_plugin:*:*:*:*:*:*:*:* jenkins-pipeline-declaratrive-plugin >= 0 <= 2.2214.vb_b_34b_2ea_9b_83
cpe:2.3:a:jenkins:pipeline\:_declarative:*:*:*:*:*:jenkins:*:* jenkins >= None <= 2.2214.vb_b_34b_2ea_9b_83

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
jenkins edge-community 2.479.1-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
jenkins edge-community 2.479.1-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
jenkins edge-community 2.516.1-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
jenkins 3.22-community 2.479.1-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
jenkins 3.22-community 2.479.1-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable