CVE-2024-52554

{"id": "CVE-2024-52554", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-11-13T21:15:29.540", "references": [{"url": "https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3466", "source": "jenkinsci-cert@googlegroups.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection."}, {"lang": "es", "value": "El complemento de anulaci\u00f3n de versi\u00f3n de librer\u00eda compartida de Jenkins 17.v786074c9fce7 y versiones anteriores declara que las anulaciones de librer\u00eda con \u00e1mbito de carpeta son confiables, de modo que no se ejecutan en el entorno aislado de seguridad de script, lo que permite a los atacantes con permiso de Elemento/Configurar en una carpeta configurar una anulaci\u00f3n de librer\u00eda con \u00e1mbito de carpeta que se ejecuta sin protecci\u00f3n de entorno aislado."}], "lastModified": "2024-11-15T13:58:08.913", "sourceIdentifier": "jenkinsci-cert@googlegroups.com"}