4.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-52549

GHSA ID

GHSA-jv82-75fh-23r7

EPSS Score

0.20448%

CWE

CWE-306

Published

11/13/2024

Updated

11/14/2024

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-52549

CVE-2024-52549: Missing permission check in Jenkins Script Security Plugin

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. This allows attackers with Overall/Read permission to check for the existence of files on the controller file system. Script Security Plugin 1368.vb_b_402e3547e7 requires Overall/Administer permission for the affected form validation method.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-52549

CVE-2024-52549:

4.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-52549

GHSA ID

GHSA-jv82-75fh-23r7

EPSS Score

0.20448%

CWE

CWE-306

Published

11/13/2024

Updated

11/14/2024

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:script-security	maven	< 1368.vb	1368.vb

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability describes a missing permission check in a form validation method. In Jenkins plugins, form validation methods are typically named 'doCheck*' and reside in DescriptorImpl classes. The ScriptApproval class handles script security validations, and its DescriptorImpl would be responsible for configuration-related checks. The advisory specifically mentions form validation methods requiring permission checks, aligning with Jenkins' security patterns. The high confidence comes from the direct match between the vulnerability description and Jenkins' architectural patterns, though exact method names are inferred without patch details.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-52549: Missing permission check in Jenkins Script Security Plugin

CVE-2024-52549:

4.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-52549: Missing permission check in Jenkins Script Security Plugin

Basic Information

Basic Information

4.3

4.3

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI