CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.

Product Status

Learn more

Versions 1 Total

Default Status: unaffected

affected

References 2 Total

jenkins.io: Jenkins Security Advisory 2024-01-24
external site
vendor-advisory
http://www.openwall.com/lists/oss-security/2024/01/24/6
external site

Updated: 2024-08-01

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

jenkins.io: Jenkins Security Advisory 2024-01-24
external site
vendor-advisoryx_transferred
http://www.openwall.com/lists/oss-security/2024/01/24/6
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Jenkins Project

Description

Product Status

References 2 Total

CVE Program

References 2 Total