CVE-2024-52550

HIGH

Jenkins Pipeline: Groovy Plugin <3990.vd281dd77a_388 - Improper Input Validation

Title source: llm

Description

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.

Exploits (1)

nomisec SCANNER 1 stars

by Anton-ai111 · poc

https://github.com/Anton-ai111/CVE-2024-52550

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3362

Scores

CVSS v3 8.0

EPSS 0.0140

EPSS Percentile 80.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-354

Status published

Products (3)

jenkins/pipeline\ _groovy 3990.vd281dd77a_388

jenkins/pipeline\ < 3975.3977.v478dd9e956c3

org.jenkins-ci.plugins.workflow/workflow-cps 0 - 3993.v3e20aMaven

Published Nov 13, 2024

Tracked Since Feb 18, 2026