Home

Description

Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection.

PUBLISHED Reserved 2024-11-12 | Published 2024-11-13 | Updated 2024-11-13 | Assigner jenkins

Product status

Default status
unaffected

Any version
affected

References

www.jenkins.io/security/advisory/2024-11-13/ (Jenkins Security Advisory 2024-11-13) vendor-advisory

cve.org (CVE-2024-52554)

nvd.nist.gov (CVE-2024-52554)

Download JSON