Количество 6
Количество 6
CVE-2024-47804
If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction.
CVE-2024-47804
If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction.
CVE-2024-47804
If an attempt is made to create an item of a type prohibited by `ACL#h ...
GHSA-f9qj-77q2-h5c5
Jenkins item creation restriction bypass vulnerability
BDU:2024-08496
Уязвимость сервера автоматизации Jenkins, связанная с недостатками контроля доступа, позволяющая нарушителю обойти ограничения и создать временный элемент
ROS-20241015-08
Множественные уязвимости jenkins
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-47804 If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | CVE-2024-47804 If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-47804 If an attempt is made to create an item of a type prohibited by `ACL#h ... | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| GHSA-f9qj-77q2-h5c5 Jenkins item creation restriction bypass vulnerability | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | BDU:2024-08496 Уязвимость сервера автоматизации Jenkins, связанная с недостатками контроля доступа, позволяющая нарушителю обойти ограничения и создать временный элемент | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | ROS-20241015-08 Множественные уязвимости jenkins | CVSS3: 4.3 | около 1 года назад |
Уязвимостей на страницу