PT-2024-35376 · Jenkins · Jenkins Shared Library Version Override Plugin

Daniel Beck

·

Published

2024-11-13

·

Updated

2025-10-03

·

CVE-2024-52554

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Jenkins Shared Library Version Override Plugin versions 17.v786074c9fce7 and earlier
Description Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so they are not executed in the Script Security sandbox. This allows attackers with Item/Configure permission on a folder to configure a folder-scoped library override whose code runs on the controller without sandbox protection, which is why the impact is rated High across confidentiality, integrity and availability.
Recommendations Update to a version that declares folder-scoped library overrides as untrusted, so that they are executed in the Script Security sandbox: version 19.v3ac975738d4a is the first fixed release. Until the update is applied, restrict Item/Configure permission on folders to trusted users, since that permission is all an attacker needs to define a library override.
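A practitioner checking a fleet of controllers wants a repeatable way to tell whether the installed plugin predates the fixed release. The script below is an added example, not part of the advisory or of the plugin project: it parses the JSON that Jenkins serves at `/pluginManager/api/json?depth=1`, compares the numeric prefix of Jenkins "incrementals" versions (`17.v786074c9fce7` sorts before `19.v3ac975738d4a` because 17 < 19; the `v<hash>` suffix does not order releases), and reports installs older than the fix. The plugin short name `shared-library-version-override`, the sample JSON, and the `fetch_plugins_json` helper are assumptions of this example.

```python
"""Flag Jenkins controllers still running a Shared Library Version Override
Plugin release affected by CVE-2024-52554.

Added example, not code from the advisory or the plugin. Assumptions:
the plugin's short name is 'shared-library-version-override', and the
sample JSON below is constructed to look like pluginManager/api/json?depth=1.
"""
import base64
import json
import re
import urllib.request

PLUGIN_SHORT_NAME = "shared-library-version-override"   # assumed short name
FIXED_VERSION = "19.v3ac975738d4a"                       # first fixed release per the advisory

# Constructed sample (trimmed) of what /pluginManager/api/json?depth=1 returns.
SAMPLE_PLUGINS_JSON = json.dumps({
    "plugins": [
        {"shortName": "script-security", "version": "1369.v9b_98a_4e95b_2d", "active": True},
        {"shortName": "shared-library-version-override", "version": "17.v786074c9fce7", "active": True},
        {"shortName": "workflow-cps", "version": "3993.v3e20a_37282f8", "active": True},
    ]
})


def parse_version(version):
    """Return the ordering part of a Jenkins plugin version as a tuple of ints.

    Incrementals versions look like '17.v786074c9fce7': the leading dotted
    integers order releases and the 'v<hash>' suffix is ignored. Classic
    releases such as '2.452.3' yield (2, 452, 3).
    """
    parts = []
    for comp in version.split("."):
        if re.fullmatch(r"\d+", comp):
            parts.append(int(comp))
        else:
            break   # stop at 'v<hash>', '-SNAPSHOT' or any other non-numeric component
    if not parts:
        raise ValueError(f"unrecognised plugin version: {version!r}")
    return tuple(parts)


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True if the installed version predates the first fixed release."""
    return parse_version(installed) < parse_version(fixed)


def find_affected(plugins_json, short_name=PLUGIN_SHORT_NAME, fixed=FIXED_VERSION):
    """Return [(shortName, version)] for installed copies that are still vulnerable."""
    data = json.loads(plugins_json)
    affected = []
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") != short_name:
            continue
        if is_vulnerable(plugin["version"], fixed):
            affected.append((plugin["shortName"], plugin["version"]))
    return affected


def fetch_plugins_json(base_url, user, api_token):
    """Fetch the plugin list from a live controller (network call; not run by default).

    Authenticates with HTTP basic auth and a Jenkins API token; the account
    must be allowed to view the plugin manager (normally an administrator).
    """
    url = base_url.rstrip("/") + "/pluginManager/api/json?depth=1"
    req = urllib.request.Request(url)
    cred = base64.b64encode(f"{user}:{api_token}".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Offline demonstration against the constructed sample.
    for name, ver in find_affected(SAMPLE_PLUGINS_JSON):
        print(f"{name} {ver} is affected by CVE-2024-52554; update to {FIXED_VERSION} or later")
```

To run it against a real controller, replace `SAMPLE_PLUGINS_JSON` with the output of `fetch_plugins_json(...)`. Comparing only the numeric prefix is deliberate: the hash in an incrementals version identifies a commit, not an order, so string comparison of full versions would give wrong answers.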

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2024-52554
GHSA-7845-CRFJ-PHC4

Affected Products

Jenkins
Jenkins Shared Library Version Override Plugin