PT-2024-35370 · Jenkins · Jenkins Script Security Plugin

Published: 2024-11-13 · Updated: 2025-10-10 · CVE-2024-52549

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins Script Security Plugin versions 1367.vdf2fc45f229c and earlier, except 1365.1367.va 3b b 89f8a 95b and 1362.1364.v4cf2dc5d8776

Description

The issue concerns a method implementing form validation that does not perform a permission check, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. This could potentially be exploited by attackers to gather information about the system.

Recommendations

For Jenkins Script Security Plugin versions 1367.vdf2fc45f229c and earlier, except 1365.1367.va 3b b 89f8a 95b and 1362.1364.v4cf2dc5d8776, update to version 1368.vb b 402e3547e7 or later, which requires Overall/Administer permission for the affected form validation method. At the moment, there is no other information about additional mitigation measures for this vulnerability.

Fix

Missing Authorization

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2024-52549
GHSA-JV82-75FH-23R7
RHSA-2025:2218
RHSA-2025:2219
RHSA-2025:2220
RHSA-2025:2221
RHSA-2025:2222
RHSA-2025:2223

Affected Products

Jenkins
Jenkins Script Security Plugin