Products
Jenkins Git server Plugin
- 114.v068a_c7cc2574 and earlier
Jenkins Git server Plugin
- before 114.v068a_c7cc2574
Source
jenkinsci-cert@googlegroups.com
Tags
CVE-2024-34146 details
Published : May 2, 2024, 2:15 p.m.
Last Modified : May 2, 2024, 6 p.m.
Last Modified : May 2, 2024, 6 p.m.
Description
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
http://www.openwall.com/lists/oss-security/2024/05/02/3 | jenkinsci-cert@googlegroups.com |
https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3342 | jenkinsci-cert@googlegroups.com |
This website uses the NVD API, but is not approved or certified by it.