CVE-2024-43045

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*

History

16 Aug 2024, 17:21

Type Values Removed Values Added
CWE CWE-862
First Time Jenkins
Jenkins jenkins
References () https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349 - () https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.3
CPE cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
Summary
  • (es) Jenkins 2.470 y anteriores, LTS 2.452.3 y anteriores no realizan una verificación de permisos en un endpoint HTTP, lo que permite a los atacantes con permiso general/lectura acceder a "Mis vistas" de otros usuarios.

07 Aug 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-07 14:15

Updated : 2024-08-16 17:21


NVD link : CVE-2024-43045

Mitre link : CVE-2024-43045

CVE.ORG link : CVE-2024-43045


JSON object : View

Products Affected

jenkins

  • jenkins
CWE
CWE-862

Missing Authorization