CVE-2024-52554

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 13, 2024

Updated: Nov 15, 2024

CWE ID 862

Summary

CVE-2024-52554 is a vulnerability affecting the Jenkins Shared Library Version Override Plugin version 17.v786074c9fce7 and earlier. This issue allows attackers with Item/Configure permissions on a folder to configure a folder-scoped library override that bypasses the Script Security sandbox, executing the code without sandbox protection. This vulnerability poses a significant risk as it enables attackers to run malicious scripts and potentially compromise the Jenkins environment. It is crucial that users of the affected plugin update to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0eHDqF
https://www.cve.org/CVERecord?id=CVE-2024-52554
https://nvd.nist.gov/vuln/detail/CVE-2024-52554

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2024-52554

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations