PT-2024-35372 · Jenkins · Jenkins Pipeline: Groovy Plugin

Kevin Guerroudj · Published 2024-11-13 · Updated 2025-10-10

CVE-2024-52550

CVSS v3.1 8.0 High

Vector AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Jenkins Pipeline: Groovy Plugin versions 3990.vd281dd77a388 and earlier, except version 3975.3977.v478dd9e956c3

Description

Jenkins Pipeline: Groovy Plugin does not check the main Jenkinsfile script of a rebuilt build for script approval. As a result, attackers with Item/Build permission can rebuild a previous build whose Jenkinsfile script is no longer approved, causing the unapproved script to run.

Recommendations

For versions 3990.vd281dd77a388 and earlier, except version 3975.3977.v478dd9e956c3, update to a version that includes the fix, such as version 3993.v3e20a37282f8, which refuses to rebuild a build whose main Jenkinsfile script is unapproved. At the moment, there is no other information about additional mitigation measures.

Fix

Weakness Enumeration

Improper Authorization

Related Identifiers

CVE-2024-52550
GHSA-MRPR-VR82-X88R
RHSA-2025:2218
RHSA-2025:2219
RHSA-2025:2220
RHSA-2025:2221
RHSA-2025:2222
RHSA-2025:2223

Affected Products

Jenkins
Jenkins Pipeline: Groovy Plugin