VDB

BIT-jenkins-2024-47804

BIT-jenkins-2024-47804 PUBLISHED CVSS 4.300000190734863 MEDIUM

If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction.

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Bitnamijenkins0, 0, 0

Timeline

  • Oct 4, 2024 CVE Published
  • Apr 3, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›