CVE-2024-28159
Description
Missing permission check in Jenkins Subversion Partial Release Manager Plugin allows attackers with Item/Read permission to trigger builds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Description
In Jenkins Subversion Partial Release Manager Plugin version 1.0.1 and earlier, a missing permission check allows users with only Item/Read permission to trigger a build. The plugin fails to verify that the user has the necessary Build or Configure permission for this action. [1]
Exploitation
An attacker who has Item/Read permission on a Jenkins project configured with this plugin can exploit this vulnerability by directly triggering a build through the plugin's functionality. No additional privileges are required. [1][2]
Impact
Successful exploitation enables the attacker to trigger builds arbitrarily, potentially causing resource exhaustion, denial of service, or unauthorized execution of build steps. The severity depends on the build's configuration and environment. [1]
Mitigation
As of the advisory date (2024-03-06), no patch is available for this vulnerability. Users are advised to restrict Item/Read access or remove the plugin if it is not essential. [1][2]
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) | <= 1.0.1 | — |
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-mr9j-qqjh-67f2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-28159 (ghsa, ADVISORY)
- www.jenkins.io/security/advisory/2024-03-06/ (ghsa, vendor-advisory, WEB)
- www.openwall.com/lists/oss-security/2024/03/06/3 (ghsa, WEB)
News mentions
- Jenkins Security Advisory 2024-03-06 (Jenkins Security Advisories, Mar 6, 2024)