CVE-2024-34148

2024-05-0213:28:05

jenkins

www.cve.org

jenkins

subversion

release manager plugin

cve-2024-34148

cve-2016-3721

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.1%

JSON

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property ‘hudson.model.ParametersAction.keepUndefinedParameters’.

CNA Affected

[
  {
    "vendor": "Jenkins Project",
    "product": "Jenkins Subversion Partial Release Manager Plugin",
    "versions": [
      {
        "version": "0",
        "versionType": "maven",
        "lessThanOrEqual": "1.0.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]