Lucene search

[email protected]CVE-2024-23901

HistoryJan 24, 2024 - 6:15 p.m.

CVE-2024-23901

2024-01-2418:15:09

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2024-23901

jenkins

gitlab

branch source plugin

security vulnerability

nvd

cve

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.0005 Low

EPSS

Percentile

16.6%

JSON

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.

CPENameOperatorVersion
jenkins:github_branch_sourcejenkins github branch sourcele684.vea_fa_7c1e2fe3
jenkins:github_branch_sourcejenkins github branch sourceeq2.2.0
jenkins:github_branch_sourcejenkins github branch sourceeq2.2.6
jenkins:github_branch_sourcejenkins github branch sourceeq2.0.0
jenkins:github_branch_sourcejenkins github branch sourceeq1.4
jenkins:github_branch_sourcejenkins github branch sourceeq2.0.3
jenkins:github_branch_sourcejenkins github branch sourceeq2.0.5
jenkins:github_branch_sourcejenkins github branch sourceeq2.3.4
jenkins:github_branch_sourcejenkins github branch sourceeq2.4.3
jenkins:github_branch_sourcejenkins github branch sourceeq2.3.2

CPE	Name	Operator	Version
jenkins:github_branch_source	jenkins github branch source	le	684.vea_fa_7c1e2fe3
jenkins:github_branch_source	jenkins github branch source	eq	2.2.0
jenkins:github_branch_source	jenkins github branch source	eq	2.2.6
jenkins:github_branch_source	jenkins github branch source	eq	2.0.0
jenkins:github_branch_source	jenkins github branch source	eq	1.4
jenkins:github_branch_source	jenkins github branch source	eq	2.0.3
jenkins:github_branch_source	jenkins github branch source	eq	2.0.5
jenkins:github_branch_source	jenkins github branch source	eq	2.3.4
jenkins:github_branch_source	jenkins github branch source	eq	2.4.3
jenkins:github_branch_source	jenkins github branch source	eq	2.3.2

Rows per page:

1-10 of 451

References

www.openwall.com/lists/oss-security/2024/01/24/6

www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3040

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.0005 Low

EPSS

Percentile

16.6%

JSON

Related for CVE-2024-23901

osv1 cvelist1 github1 prion1 alpinelinux1 nessus1 redos1