CVE-2024-34146 (Medium) detected in git-server-1.11.jar #4675
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2024-34146 - Medium Severity Vulnerability
This library plugin provides embedded Git server capability inside Jenkins
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jenkins-ci.plugins/git-server/1.11/23a663a8c44397c631b068932fe92f2615ac04c4/git-server-1.11.jar
Dependency Hierarchy:
Found in HEAD commit: c9934b385037128b6444abf6cd7fccd3a7405c2b
Found in base branch: main
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
Publish Date: 2024-05-02
URL: CVE-2024-34146
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-34146
Release Date: 2024-05-02
Fix Resolution: org.jenkins-ci.plugins:git-server:117.veb_68868fa_027
The text was updated successfully, but these errors were encountered: