9 matches found
CVE-2024-43045
A flaw was found in Jenkins. A missing permission check in an HTTP endpoint allows attackers with Overall/Read permission to access other users' "My Views" or attackers with global View/Configure and View/Delete permissions to change other users' "My Views". Mitigation Mitigation for this issue i...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1603 more potentially affected by CVE-2024-43045 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.452.3)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2024-43045 Source advisory: OSV:GHSA-8PV9-QH96-9HC6...
CVE-2024-43045 vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2024-43045
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views"...
CVE-2024-43045
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views"...
CVE-2024-43045 vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2024-43045
Jenkins Core: CVE-2024-43045 affects Jenkins 2.470 and earlier (including LTS 2.452.3 and earlier). It does not perform a permission check on a specific HTTP endpoint, allowing users with Overall/Read (and with some broader permissions) to access other users’ My Views, and potentially to alter th...
Jenkins LTS < 2.452.4 / Jenkins weekly < 2.471 Multiple Vulnerabilities
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.452.4 or Jenkins weekly prior to 2.471. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Critical SECURITY-3430 / CVE-2024-43044 Arbitrary file read vulnerability through agent connections can lead to RCE Description Medium SECURITY-3349 / CVE-2024-43045 Missing permission check allows accessing other users' "My Views"...