Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
Jenkins
- 2.470 and earlier
- LTS 2.452.3 and earlier
Source
jenkinsci-cert@googlegroups.com
Tags
CVE-2024-43045 details
Published : Aug. 7, 2024, 2:15 p.m.
Last Modified : Aug. 7, 2024, 3:17 p.m.
Last Modified : Aug. 7, 2024, 3:17 p.m.
Description
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349 | jenkinsci-cert@googlegroups.com |
This website uses the NVD API, but is not approved or certified by it.