Lucene search

Veracode Vulnerability DatabaseVERACODE:46801

HistoryMay 08, 2024 - 6:08 a.m.

Improper Access Control

2024-05-0806:08:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

improper access control

jenkins

script-security

ssh

git

vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

org.jenkins-ci.plugins: script-security is vulnerable to Improper Access Control. The vulnerability is due to improper permission checks during read access to a Git repository over SSH. This allows attackers with a previously configured SSH public key but lacking Overall/Read permission to access Git repositories.

CPENameOperatorVersion
script security pluginle1335.vf07d9ce377a_e
script security pluginle1335.vf07d9ce377a_e

CPE	Name	Operator	Version
	script security plugin	le	1335.vf07d9ce377a_e
	script security plugin	le	1335.vf07d9ce377a_e

References

www.openwall.com/lists/oss-security/2024/05/02/3

www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for VERACODE:46801