Metrics
Affected Vendors & Products
Mon, 25 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-843 |
Wed, 13 Nov 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Jenkins
Jenkins jenkins |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:* cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* |
|
Vendors & Products |
Jenkins
Jenkins jenkins |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Wed, 06 Nov 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat ocp Tools |
|
CPEs | cpe:/a:redhat:ocp_tools:4.12::el8 cpe:/a:redhat:ocp_tools:4.13::el8 cpe:/a:redhat:ocp_tools:4.14::el8 cpe:/a:redhat:ocp_tools:4.15::el8 |
|
Vendors & Products |
Redhat
Redhat ocp Tools |
Thu, 03 Oct 2024 01:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | jenkins: Item creation restriction bypass vulnerability | |
Weaknesses | CWE-1220 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Wed, 02 Oct 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 02 Oct 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction. | |
References |
|
Status: PUBLISHED
Assigner: jenkins
Published: 2024-10-02T15:35:03.020Z
Updated: 2024-11-25T18:54:31.781Z
Reserved: 2024-10-01T20:59:52.483Z
Link: CVE-2024-47804
Updated: 2024-10-02T16:31:14.661Z
Status : Modified
Published: 2024-10-02T16:15:10.697
Modified: 2024-11-25T19:15:10.873
Link: CVE-2024-47804