Medium severity6.3NVD Advisory· Published Aug 7, 2024· Updated Jun 17, 2026
CVE-2024-43045
CVE-2024-43045
Description
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | < 2.452.4 | 2.452.4 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.460, < 2.462.1 | 2.462.1 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.470, < 2.471 | 2.471 |
Affected products
10- osv-coords9 versionspkg:apk/chainguard/jenkinspkg:apk/chainguard/jenkins-2.462pkg:apk/chainguard/jenkins-compatpkg:apk/chainguard/jenkins-remotingpkg:apk/wolfi/jenkinspkg:apk/wolfi/jenkins-compatpkg:apk/wolfi/jenkins-remotingpkg:bitnami/jenkinspkg:maven/org.jenkins-ci.main/jenkins-core
< 2.471-r0+ 8 more
- (no CPE)range: < 2.471-r0
- (no CPE)range: < 2.462.3-r8
- (no CPE)range: < 2.471-r0
- (no CPE)range: < 2.471-r0
- (no CPE)range: < 2.471-r0
- (no CPE)range: < 2.471-r0
- (no CPE)range: < 2.471-r0
- (no CPE)range: < 2.462.1
- (no CPE)range: < 2.452.4
- Range: 2.452.4
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-8pv9-qh96-9hc6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-43045ghsaADVISORY
- www.jenkins.io/security/advisory/2024-08-07/nvdVendor AdvisoryWEB
- github.com/jenkinsci/jenkins/commit/0c13259cebc6a780fee7825838f4dd98ece8e68aghsaWEB
- github.com/jenkinsci/jenkins/commit/3752f406bfef764e4954238acf44343169ae5799ghsaWEB
- github.com/jenkinsci/jenkins/commit/efece77d759b38c95b39b191051a8203bbc2f428ghsaWEB
News mentions
1- Jenkins Security Advisory 2024-08-07Jenkins Security Advisories · Aug 7, 2024