Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-8pv9-qh96-9hc6

GitHub Security Advisory

Jenkins does not perform a permission check in an HTTP endpoint

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to access other users' "My Views". Attackers with global View/Configure and View/Delete permissions are also able to change other users' "My Views".

Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 restricts access to a user’s "My Views" to the owning user and administrators.

Affected Packages

Maven org.jenkins-ci.main:jenkins-core
Affected versions: 0 (fixed in 2.452.4)
Maven org.jenkins-ci.main:jenkins-core
Affected versions: 2.460 (fixed in 2.462.1)
Maven org.jenkins-ci.main:jenkins-core
Affected versions: 2.470 (fixed in 2.471)

Related CVEs

CVE-2024-43045

Key Information

GHSA ID
GHSA-8pv9-qh96-9hc6
Published
August 7, 2024 3:30 PM
Last Modified
March 25, 2025 8:03 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.main:jenkins-core
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.