CVE-2024-34146

May 2, 2024, 6 p.m.

None
No Score

Description

Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.

Product(s) Impacted

Product Versions
Jenkins Git server Plugin
  • 114.v068a_c7cc2574 and earlier
Jenkins Git server Plugin
  • before 114.v068a_c7cc2574

Weaknesses

References

http://www.openwall.com/lists/oss-security/2024/05/02/3
https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3342

Tags

2024-05-02
jenkinsci-cert@googlegroups.com
CVE-2024-34146

Date

  • Published: May 2, 2024, 2:15 p.m.
  • Last Modified: May 2, 2024, 6 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

jenkinsci-cert@googlegroups.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.