CVE-2024-52550

HIGH

Jenkins Pipeline: Groovy Plugin <3990.vd281dd77a_388 - Improper Input Validation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-52550. PoCs published by Anton-ai111.

AI-analyzed exploit summary This repository contains a scanner for CVE-2024-52550, which checks for path traversal vulnerabilities in a target URL by attempting to access '/etc/passwd'. It also includes a simple web server setup for testing purposes.

Description

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.

Exploits (1)

nomisec SCANNER 1 stars
by Anton-ai111 · poc
https://github.com/Anton-ai111/CVE-2024-52550

This repository contains a scanner for CVE-2024-52550, which checks for path traversal vulnerabilities in a target URL by attempting to access '/etc/passwd'. It also includes a simple web server setup for testing purposes.

Classification
Scanner 80%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: Unknown (likely a web server or application with path traversal vulnerability)
No auth needed
Prerequisites: Network access to the target · Target URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.0
EPSS 0.0399
EPSS Percentile 88.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-354
Status published
Products (3)
jenkins/pipeline\ _groovy 3990.vd281dd77a_388
jenkins/pipeline\ < 3975.3977.v478dd9e956c3
org.jenkins-ci.plugins.workflow/workflow-cps 0 - 3993.v3e20aMaven
Published Nov 13, 2024
Tracked Since Feb 18, 2026