Launch Week Day 1: Announcing Security Design Review
Start for Free
HIGH 8.0 Maven

Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin

GHSA-mrpr-vr82-x88r · CVE-2024-52550

Published · Modified

Description

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved. This allows attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved. Pipeline: Groovy Plugin 3993.v3e20a_37282f8 refuses to rebuild a build whose main (Jenkinsfile) script is unapproved.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes