High severityNVD Advisory· Published Nov 13, 2024· Updated Nov 26, 2024
CVE-2024-52550
CVE-2024-52550
Description
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins.workflow:workflow-cpsMaven | < 3993.v3e20a | 3993.v3e20a |
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-mrpr-vr82-x88rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-52550ghsaADVISORY
- www.jenkins.io/security/advisory/2024-11-13/ghsavendor-advisoryWEB
News mentions
1- Jenkins Security Advisory 2024-11-13Jenkins Security Advisories · Nov 13, 2024