DirectorySecurity Advisories
Sign In
Security Advisories

CGA-pq8h-mv59-rcvg

Published

Last updated

https://images.chainguard.dev/security/CGA-pq8h-mv59-rcvg
Package

jenkins-2.462

Latest Update
Fixed
Fixed Version

2.462.3-r3

Aliases
  • CVE-2024-52549
  • GHSA-jv82-75fh-23r7

Severity

4.3

Medium

CVSS V3

Summary

Missing permission check in Jenkins Script Security Plugin

Description

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. This allows attackers with Overall/Read permission to check for the existence of files on the controller file system. Script Security Plugin 1368.vb_b_402e3547e7 requires Overall/Administer permission for the affected form validation method.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation