CVE-2024-34146
May 2, 2024, 6 p.m.
Tags
Product(s) Impacted
Jenkins Git server Plugin
- 114.v068a_c7cc2574 and earlier
Jenkins Git server Plugin
- before 114.v068a_c7cc2574
Description
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
Weaknesses
Date
Published: May 2, 2024, 2:15 p.m.
Last Modified: May 2, 2024, 6 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
jenkinsci-cert@googlegroups.com
References
http://www.openwall.com/
jenkinsci-cert@googlegroups.com
https://www.jenkins.io/
jenkinsci-cert@googlegroups.com