Incorrect Permission Assignment for Critical Resource Affecting org.jenkins-ci.plugins:git-server package, versions [0,]


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-ORGJENKINSCIPLUGINS-6807577
  • published3 May 2024
  • disclosed3 May 2024
  • creditDaniel Beck

Introduced: 3 May 2024

CVE-2024-34146  (opens in a new tab)
CWE-732  (opens in a new tab)

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to not performing a permission check for read access to a Git repository over SSH.This allows attackers with a previously configured SSH public key but lacking Overall/Read permission to access Git repositories.

Note: This is fixed in Git server Plugin 117.veb_68868fa_027.

CVSS Scores

version 3.1