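Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. Of the signatures below, those sourced from commit 4cf2dc5d8776 (the hash in the unaffected release 1362.1364.v4cf2dc5d8776) target `doCheckPath` in `ClasspathEntry.java`, which appears to be the form-validation method in question. The signatures sourced from commit df2fc45f229c carry the same hash as release 1367.vdf2fc45f229c, which is listed as affected, so confirm that they describe the fix before relying on them for matching.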
[
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/jenkinsci/script-security-plugin/commit/4cf2dc5d8776b119e25d203abbe695fc618c5129",
"id": "CVE-2024-52549-0e0a8c4a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"193410768796351728727837844957838058436",
"308449359965148705106045089545175663024",
"70254606833208612478548142620525665098",
"145388454790940895567368335367892403959",
"31321161448093970395994335414378363678",
"312627828705634245046445452119695915922",
"68318486562706965078557680180936860408",
"20352715551907359143121437263126143571",
"90652348198020426199518007589717669421",
"101534678982371058730167491000974325178",
"152630884979021048180118070804443023465",
"105924225983465571160070043219025750091",
"256005176241261059819027871433164645265",
"219636036993808822974804566224973852703",
"268733109085444326595412406276556843127",
"292489530028342391509674792423830728461",
"131124704568120059738221446934279290012"
]
},
"target": {
"file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntryTest.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/jenkinsci/script-security-plugin/commit/4cf2dc5d8776b119e25d203abbe695fc618c5129",
"id": "CVE-2024-52549-25799be9",
"digest": {
"function_hash": "259207047481206575408060854090071958148",
"length": 469.0
},
"target": {
"file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntry.java",
"function": "doCheckPath"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/jenkinsci/script-security-plugin/commit/df2fc45f229c75a4ab8c88800bee49370462eb7b",
"id": "CVE-2024-52549-294b46e4",
"digest": {
"threshold": 0.9,
"line_hashes": [
"115990658712768387970246809154395868532",
"138186676522442842801574422223029159040",
"16726508723013188499162524662484829422",
"72085625145467891578345819093221342977",
"180932663159761635786772658322431584324",
"73620906761983200820242889826469696064",
"198647728397962202604970700199692099222",
"243398820114319998908652490873345731413"
]
},
"target": {
"file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/jenkinsci/script-security-plugin/commit/df2fc45f229c75a4ab8c88800bee49370462eb7b",
"id": "CVE-2024-52549-2d981b70",
"digest": {
"threshold": 0.9,
"line_hashes": [
"298265654008938900139586682242761835059",
"303587941315548539570852169976695413163",
"76319504842640797098792906537605975876",
"7540902196679299518401904062414760912",
"216755525460860575574372774138002558995",
"293223426762218016099662457675975582593",
"116459599334184889173696816944066522699"
]
},
"target": {
"file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/jenkinsci/script-security-plugin/commit/df2fc45f229c75a4ab8c88800bee49370462eb7b",
"id": "CVE-2024-52549-2fb85fad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"121401065745272691456616809290432105089",
"99936363009884750065822361300637807244",
"172018105309702121110937462130282164555",
"181079154230001530921029546761840148201",
"74513349661603546449462425540165311816",
"153442747822212526140513866453217909526",
"57219779169175303186725252468359239681",
"105124471788567763517570906078603911370",
"93259062579358952363566289665693448404",
"281932561138603240275824642854817483176",
"328643586658102199960297314873532001011",
"149272798313611667480993815337082537984",
"138288843478249037364598363937821730233"
]
},
"target": {
"file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/jenkinsci/script-security-plugin/commit/df2fc45f229c75a4ab8c88800bee49370462eb7b",
"id": "CVE-2024-52549-32900fb1",
"digest": {
"function_hash": "188002348004619004866325142170773354096",
"length": 1344.0
},
"target": {
"file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
"function": "checking"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/jenkinsci/script-security-plugin/commit/df2fc45f229c75a4ab8c88800bee49370462eb7b",
"id": "CVE-2024-52549-65b33ab0",
"digest": {
"function_hash": "78318377833623162319083426021434693671",
"length": 841.0
},
"target": {
"file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java",
"function": "forceSandboxFormValidation"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/jenkinsci/script-security-plugin/commit/df2fc45f229c75a4ab8c88800bee49370462eb7b",
"id": "CVE-2024-52549-746ae4fc",
"digest": {
"function_hash": "261680094247190067394564486575379511082",
"length": 84.0
},
"target": {
"file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java",
"function": "SecureGroovyScript"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/jenkinsci/script-security-plugin/commit/4cf2dc5d8776b119e25d203abbe695fc618c5129",
"id": "CVE-2024-52549-786c6515",
"digest": {
"threshold": 0.9,
"line_hashes": [
"24547975384074007603511287741408394634",
"235005261391228511367957503664577997348",
"169968529053850430407217217721100964666",
"328917981062353611706021529637738109754",
"157086698411370408145979854950384106838",
"208053156037906562936496021286795690056",
"147097497329705971013015164632204890555"
]
},
"target": {
"file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntry.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/jenkinsci/script-security-plugin/commit/df2fc45f229c75a4ab8c88800bee49370462eb7b",
"id": "CVE-2024-52549-7cbaab08",
"digest": {
"threshold": 0.9,
"line_hashes": [
"16891613943620612653978312594482224495",
"298049473950118688869798983929592032603",
"79758890575670226786386453639940994600",
"75088921506804996324325156702303897976",
"307166972000958071940537280991130042706",
"5008135733829923149531728199062633833",
"89845335589148858983403311433725570392",
"65374015000272467200107067845940956311",
"172812549018666363085804745166099284071",
"229930563476338384423532964211594367796",
"325072502388188998019657649268129567841",
"46415241839535215826317488315243059981",
"179416388391728769889967166997326854743"
]
},
"target": {
"file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/jenkinsci/script-security-plugin/commit/df2fc45f229c75a4ab8c88800bee49370462eb7b",
"id": "CVE-2024-52549-a39d2273",
"digest": {
"function_hash": "72819067873394351852238086679347781357",
"length": 150.0
},
"target": {
"file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java",
"function": "SecureGroovyScript"
}
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-52549.json"