{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-52549","assignerOrgId":"39769cd5-e6e2-4dc8-927e-97b3aa056f5b","state":"PUBLISHED","assignerShortName":"jenkins","dateReserved":"2024-11-12T15:28:28.980Z","datePublished":"2024-11-13T20:53:00.291Z","dateUpdated":"2024-11-13T21:35:30.700Z"},"containers":{"cna":{"providerMetadata":{"orgId":"39769cd5-e6e2-4dc8-927e-97b3aa056f5b","shortName":"jenkins","dateUpdated":"2024-11-13T20:53:00.291Z"},"affected":[{"vendor":"Jenkins Project","product":"Jenkins Script Security Plugin","versions":[{"version":"0","versionType":"maven","lessThanOrEqual":"1362.v67dc1f0e1b_b_3","status":"affected"},{"version":"1365.v4778ca_84b_de5","status":"affected"},{"version":"1366.vd44b_49a_5c85c","versionType":"maven","lessThanOrEqual":"1367.vdf2fc45f229c","status":"affected"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system."}],"references":[{"name":"Jenkins Security Advisory 2024-11-13","url":"https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3447","tags":["vendor-advisory"]}]},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-862","lang":"en","description":"CWE-862 Missing Authorization"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-11-13T21:35:27.415468Z","id":"CVE-2024-52549","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-13T21:35:30.700Z"}}]}}