GHSA-mrpr-vr82-x88r

GitHub Security Advisory

Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3, does not check whether the main (Jenkinsfile) script for a rebuilt build is approved. This allows attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved. Pipeline: Groovy Plugin 3993.v3e20a_37282f8 refuses to rebuild a build whose main (Jenkinsfile) script is unapproved.

Affected Packages

Maven org.jenkins-ci.plugins.workflow:workflow-cps
Affected versions: 0 (fixed in 3993.v3e20a)
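
An added example (not part of the advisory or the plugin's code): a Python check that classifies installed workflow-cps versions against the version statements in the advisory text above. The `name:version` inventory format, the sample lines, and the status labels are assumptions made for illustration.

```python
# Added example. Thresholds are taken from the advisory text;
# the inventory format, sample data and status labels are assumptions.
PLUGIN = "workflow-cps"
LAST_AFFECTED = (3990,)                        # 3990.vd281dd77a_388
FIRST_FIXED = (3993,)                          # 3993.v3e20a_37282f8
PATCHED_BACKPORT = "3975.3977.v478dd9e956c3"   # the one excepted release

SAMPLE_INVENTORY = """\
# constructed sample, e.g. merged from several controllers
git:5.2.1
workflow-cps:3990.vd281dd77a_388
workflow-cps:3975.3977.v478dd9e956c3
workflow-cps:3993.v3e20a_37282f8
"""

def numeric_prefix(version):
    """Leading all-digit components: '3975.3977.v47...' -> (3975, 3977)."""
    parts = []
    for comp in version.strip().split("."):
        if not comp.isdigit():
            break  # reached the '.v<commit-hash>' suffix or a qualifier
        parts.append(int(comp))
    if not parts:
        raise ValueError(f"no numeric version prefix in {version!r}")
    return tuple(parts)

def classify(version):
    version = version.strip()
    if version == PATCHED_BACKPORT:
        return "fixed-backport"
    prefix = numeric_prefix(version)
    if prefix <= LAST_AFFECTED:
        return "affected"
    if prefix >= FIRST_FIXED:
        return "fixed"
    return "unlisted"  # between 3990 and 3993: the advisory makes no statement

def audit(inventory_text):
    """Return [(version, status)] for every workflow-cps line in the inventory."""
    results = []
    for line in inventory_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if ":" not in line:
            continue
        name, version = line.split(":", 1)
        if name.strip() == PLUGIN:
            results.append((version.strip(), classify(version)))
    return results

if __name__ == "__main__":
    for version, status in audit(SAMPLE_INVENTORY):
        print(f"{PLUGIN} {version}: {status}")
```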

Related CVEs

Key Information

GHSA ID: GHSA-mrpr-vr82-x88r
Published: November 13, 2024 9:30 PM
Last Modified: November 26, 2024 7:00 PM
CVSS Score: 7.5/10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.plugins.workflow:workflow-cps
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.