Excessive privileges in org.jenkins-ci.plugins:git-server
Description
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH.
This allows attackers with a previously configured SSH public key but lacking Overall/Read permission to access Git repositories.
Git server Plugin 117.veb_68868fa_027 requires Overall/Read permission to access Git repositories over SSH.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| maven | | | 117.veb |