CVE-2024-34148

MEDIUM

Jenkins Subversion Partial Release Manager Plugin <1.0.1 - RCE

Title source: llm

Description

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.

References (2)

[Mailing List] http://www.openwall.com/lists/oss-security/2024/05/02/3

[Vendor Advisory] https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3331

Scores

CVSS v3 6.8

EPSS 0.0040

EPSS Percentile 60.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1321

Status published

Products (2)

jenkins/subversion_partial_release_manager < 1.0.1

org.jenkins-ci.plugins/partial-release-manager 0Maven

Published May 02, 2024

Tracked Since Feb 18, 2026