Information Exposure Affecting org.jenkins-ci.plugins:script-security package, versions [,1362.1364.v4cf2dc5d8776) [1365.v4778ca_84b_de5,1365.1367.va_3b_b_89f8a_95b_) [1366.vd44b_49a_5c85c,1368.vb_b_402e3547e7)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-8376683
- published 14 Nov 2024
- disclosed 14 Nov 2024
- credit Unknown
Introduced: 14 Nov 2024
New CVE-2024-52549 Open this link in a new tabHow to fix?
Upgrade org.jenkins-ci.plugins:script-security to version 1362.1364.v4cf2dc5d8776, 1365.1367.va_3b_b_89f8a_95b_, 1368.vb_b_402e3547e7 or higher.
Overview
org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.
Affected versions of this package are vulnerable to Information Exposure due to missing checks of permissions in the method implementing form validation, which allows attackers with Overall/Read permission to check for the existence of files on the controller file system.