8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-52551

GHSA ID

GHSA-p2qq-c693-q53w

EPSS Score

0.24329%

CWE

CWE-276

Published

11/13/2024

Updated

11/14/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-52551

CVE-2024-52551: Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin

Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. This allows attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. Pipeline: Declarative Plugin 2.2218.v56d0cda_37c72 refuses to restart a build whose main (Jenkinsfile) script is unapproved.

(GitHub Advisory)

8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-52551

GHSA ID

GHSA-p2qq-c693-q53w

EPSS Score

0.24329%

CWE

CWE-276

Published

11/13/2024

Updated

11/14/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkinsci.plugins:pipeline-model-parent	maven	< 2.2218.v56d0cda	2.2218.v56d0cda

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing script approval checks during build restarts. The RestartDeclarativePipelineAction class is directly responsible for handling restart requests in the Declarative Plugin. The advisory states the patched version added refusal logic for unapproved scripts, implying the vulnerable version's restart handler lacked this check. The function doRestart() would be the logical entry point for restart operations, making it the most likely location for the missing authorization validation (CWE-285). The high confidence comes from the vulnerability's context and typical Jenkins plugin architecture patterns.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins Pip*lin*: ***l*r*tiv* Plu*in *.****.v*_*_***_***_**_** *n* **rli*r *o*s not ****k w**t**r t** m*in (J*nkins*il*) s*ript us** to r*st*rt * *uil* *rom * sp**i*i* st*** is *pprov**, *llowin* *tt**k*rs wit* It*m/*uil* p*rmission to r*st*rt * pr*v

Reasoning

T** vuln*r**ility st*ms *rom missin* s*ript *pprov*l ****ks *urin* *uil* r*st*rts. T** `R*st*rt***l*r*tiv*Pip*lin***tion` *l*ss is *ir**tly r*sponsi*l* *or **n*lin* r*st*rt r*qu*sts in t** ***l*r*tiv* Plu*in. T** **visory st*t*s t** p*t**** v*rsion *

8

Basic Information

Concerned about an active attack path?

CVE-2024-52551: Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin

8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI