OpenCVE

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Jenkins	Groovy

No data.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2024-52550
https://www.cve.org/CVERecord?id=CVE-2024-52550
https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3362

History

Tue, 26 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Jenkins Jenkins groovy
Weaknesses		CWE-354
CPEs		cpe:2.3:a:jenkins:groovy::::::jenkins::*
Vendors & Products		Jenkins Jenkins groovy
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Sat, 16 Nov 2024 02:00:00 +0000

Type	Values Removed	Values Added
Title		jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
Weaknesses		CWE-862
References		https://nvd.nist.gov/vuln/detail/CVE-2024-52550 https://www.cve.org/CVERecord?id=CVE-2024-52550
Metrics	threat_severity `None`	cvssV3_1 `{'score': 8.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Wed, 13 Nov 2024 21:00:00 +0000

Type	Values Removed	Values Added
Description		Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.
References		https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3362

MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2024-11-13T20:53:00.972Z

Updated: 2024-11-26T14:45:03.205Z

Reserved: 2024-11-12T15:28:28.980Z

Link: CVE-2024-52550

Vulnrichment

Updated: 2024-11-13T21:26:57.212Z

NVD

Status : Awaiting Analysis

Published: 2024-11-13T21:15:29.293

Modified: 2024-11-26T15:15:34.650

Link: CVE-2024-52550

Redhat

Severity : Important

Publid Date: 2024-11-13T20:53:00Z

Links: CVE-2024-52550 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object