VYPR
Moderate severityNVD Advisory· Published Oct 2, 2024· Updated Mar 14, 2025

CVE-2024-47804

CVE-2024-47804

Description

If an attempt is made to create an item of a type prohibited by ACL#hasCreatePermission2 or TopLevelItemDescriptor#isApplicableIn(ItemGroup) through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.main:jenkins-coreMaven
< 2.462.32.462.3
org.jenkins-ci.main:jenkins-coreMaven
>= 2.466, < 2.4792.479

Affected products

4

Patches

Vulnerability mechanics

References

3

News mentions

1