Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to jenkins - shared_library_version_override

Vulnerability from fkie_nvd

Published

2024-11-13 21:15

Modified

2025-10-03 00:56

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection.

References

▼	URL	Tags
	jenkinsci-cert@googlegroups.com	https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3466	Vendor Advisory

Impacted products

	Vendor	Product	Version
	jenkins	shared_library_version_override	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:shared_library_version_override:*:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1F157EB3-F633-4DCB-B2E1-CC7B390AD269",
              "versionEndIncluding": "17.v786074c9fce7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they\u0027re not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection."
    },
    {
      "lang": "es",
      "value": "El complemento de anulaci\u00f3n de versi\u00f3n de librer\u00eda compartida de Jenkins 17.v786074c9fce7 y versiones anteriores declara que las anulaciones de librer\u00eda con \u00e1mbito de carpeta son confiables, de modo que no se ejecutan en el entorno aislado de seguridad de script, lo que permite a los atacantes con permiso de Elemento/Configurar en una carpeta configurar una anulaci\u00f3n de librer\u00eda con \u00e1mbito de carpeta que se ejecuta sin protecci\u00f3n de entorno aislado."
    }
  ],
  "id": "CVE-2024-52554",
  "lastModified": "2025-10-03T00:56:06.223",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-11-13T21:15:29.540",
  "references": [
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3466"
    }
  ],
  "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2024-52554 (GCVE-0-2024-52554)

Vulnerability from cvelistv5