You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jenkins-ci.main/jenkins-core/2.426.3/eee94c4c0c78e715d2a599eb66a5a89c5eed9d18/jenkins-core-2.426.3.jar
Dependency Hierarchy:
❌ jenkins-core-2.426.3.jar (Vulnerable Library)
Found in base branch: main
Vulnerability Details
If an attempt is made to create an item of a type prohibited by ACL#hasCreatePermission2 or TopLevelItemDescriptor#isApplicableIn(ItemGroup) through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction.
CVE-2024-47804 - Medium Severity Vulnerability
Vulnerable Library - jenkins-core-2.426.3.jar
Jenkins core code and view files to render HTML.
Library home page: https://github.com/jenkinsci/jenkins
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jenkins-ci.main/jenkins-core/2.426.3/eee94c4c0c78e715d2a599eb66a5a89c5eed9d18/jenkins-core-2.426.3.jar
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
If an attempt is made to create an item of a type prohibited by
ACL#hasCreatePermission2
orTopLevelItemDescriptor#isApplicableIn(ItemGroup)
through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction.Publish Date: 2024-10-02
URL: CVE-2024-47804
CVSS 3 Score Details (4.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3448
Release Date: 2024-10-02
Fix Resolution: org.jenkins-ci.main:jenkins-core:2.462.3,2.479
The text was updated successfully, but these errors were encountered: