CVE-2024-52551

Jenkins Pipeline: Declarative Plugin 2.2214.vbb34b2ea9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved.

References

https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3361

Affected packages

Git / github.com/jenkinsci/pipeline-model-definition-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/pipeline-model-definition-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

bb34b2ea9b831f68f7f19d057c9215abb7bac496

Affected versions

2.*

2.2064.v5eef7d0982b_e

2.2075.vce74e77b_ce40

2.2077.vc78ec45162f1

2.2081.v3919681ffc1e

2.2084.v1d2999534103

2.2086.v12b_420f036e5

2.2097.v33db_b_de764b_e

2.2114.v2654ca_721309

2.2118.v31fd5b_9944b_5

2.2121.vd87fb_6536d1e

2.2123.va_31cb_3b_80ef8

2.2125.vddb_a_44a_d605e

2.2131.vb_9788088fdb_5

2.2133.ve46a_6113dfc3

2.2141.v5402e818a_779

2.2144.v077a_d1928a_40

2.2150.v4cfd8916915c

2.2151.ve32c9d209a_3f

2.2168.vf921b_4e72c73

2.2169.vee7cd0efc13e

2.2175.v76a_fff0a_2618

2.2183.vb_36481468374

2.2184.v0b_358b_953e69

2.2188.v26e255fd2984

2.2198.v41dd8ef6dd56

2.2203.v89fa_170c2b_f5

2.2205.vc9522a_9d5711

2.2214.vb_b_34b_2ea_9b_83

pipeline-model-definition-0.*

pipeline-model-definition-0.1

pipeline-model-definition-0.2

pipeline-model-definition-0.3

pipeline-model-definition-0.4

pipeline-model-definition-0.5

pipeline-model-definition-0.6

pipeline-model-definition-0.7

pipeline-model-definition-0.7.1

pipeline-model-definition-0.8

pipeline-model-definition-0.8.1

pipeline-model-definition-0.8.2

pipeline-model-definition-0.9

pipeline-model-definition-0.9.1

pipeline-model-definition-1.*

pipeline-model-definition-1.0

pipeline-model-definition-1.0.1

pipeline-model-definition-1.0.2

pipeline-model-definition-1.1

pipeline-model-definition-1.1.1

pipeline-model-definition-1.1.2

pipeline-model-definition-1.1.3

pipeline-model-definition-1.1.4

pipeline-model-definition-1.1.5

pipeline-model-definition-1.1.6

pipeline-model-definition-1.1.7

pipeline-model-definition-1.1.8

pipeline-model-definition-1.1.9

pipeline-model-definition-1.2

pipeline-model-definition-1.2-beta-4

pipeline-model-definition-1.2-beta-5

pipeline-model-definition-1.2.1

pipeline-model-definition-1.2.2

pipeline-model-definition-1.2.3

pipeline-model-definition-1.2.4

pipeline-model-definition-1.2.5

pipeline-model-definition-1.2.6

pipeline-model-definition-1.2.7

pipeline-model-definition-1.2.8

pipeline-model-definition-1.2.9

pipeline-model-definition-1.3

pipeline-model-definition-1.3.1

pipeline-model-definition-1.3.2

pipeline-model-definition-1.3.3

pipeline-model-definition-1.3.4

pipeline-model-definition-1.3.5

pipeline-model-definition-1.3.6

pipeline-model-definition-1.3.7

pipeline-model-definition-1.3.7-beta-1

pipeline-model-definition-1.3.8

pipeline-model-definition-1.3.9

pipeline-model-definition-1.4.0

pipeline-model-definition-1.4.0-beta1

pipeline-model-definition-1.4.0-beta2

pipeline-model-definition-1.4.0-beta3

pipeline-model-definition-1.4.0-beta4

pipeline-model-definition-1.5.0

pipeline-model-definition-1.5.0-beta1

pipeline-model-definition-1.5.0-rc1

pipeline-model-definition-1.5.1

pipeline-model-definition-1.6.0

pipeline-model-definition-1.7.0

pipeline-model-definition-1.7.1

pipeline-model-definition-1.7.2

pipeline-model-definition-1.8.0

pipeline-model-definition-1.8.1

pipeline-model-definition-1.8.2

pipeline-model-definition-1.8.3

pipeline-model-definition-1.8.4

pipeline-model-definition-1.8.5

pipeline-model-definition-1.9.0

pipeline-model-definition-1.9.1

pipeline-model-definition-1.9.2

pipeline-model-definition-1.9.3

v1.*

v1.9.1

v1.9.2

v1.9.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-52551.json"