CVE-2024-52554

Published: Nov 13, 2024

Modified: Nov 13, 2024

PUBLISHED

Description

Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection.

Vendor	Product	Versions
Jenkins Project	Jenkins Shared Library Version Override Plugin	affected `0 - <= 17.v786074c9fce7`

References

Jenkins Security Advisory 2024-11-13

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-52554

Description

Affected Products

References