Vulnerability Database
289,598
Total vulnerabilities in the database
CVE-2024-43045
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".
| Software | From | Fixed in |
|---|---|---|
org.jenkins-ci.main / jenkins-core
|
- | 2.452.4 |
|
org.jenkins-ci.main / jenkins-core
|
2.460 | 2.462.1 |
|
org.jenkins-ci.main / jenkins-core
|
2.470 | 2.471 |
| jenkins / jenkins | - | 2.471 |
| jenkins / jenkins | - | 2.452.4 |
- https://github.com/jenkinsci/jenkins/commit/0c13259cebc6a780fee7825838f4dd98ece8e68a
- https://github.com/jenkinsci/jenkins/commit/3752f406bfef764e4954238acf44343169ae5799
- https://github.com/jenkinsci/jenkins/commit/efece77d759b38c95b39b191051a8203bbc2f428
- https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349