CVE-2024-52549 - Medium Severity Vulnerability
Vulnerable Library - script-security-1229.v4880b_b_e905a_6.jar
Allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.
Library home page: https://github.com/
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jenkins-ci.plugins/script-security/1229.v4880b_b_e905a_6/6d8dfb75093b8b8973af431a5fb129a91ce87525/script-security-1229.v4880b_b_e905a_6.jar
Dependency Hierarchy:
Found in HEAD commit: b439dcbcaec85cb505ff1870eaac296568ab9261
Found in base branch: main
Vulnerability Details
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system.
Publish Date: 2024-11-13
URL: CVE-2024-52549
CVSS 3 Score Details (4.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3447
Release Date: 2024-11-13
Fix Resolution: io.jenkins.plugins:script-security:1368.vb_b_402e3547e7