GHSA-xh9c-vcf9-h94m

Source
https://github.com/advisories/GHSA-xh9c-vcf9-h94m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-xh9c-vcf9-h94m/GHSA-xh9c-vcf9-h94m.json
Aliases
  • CVE-2024-34146
Published
2024-05-02T15:30:35Z
Modified
2024-05-03T20:43:33.116434Z
Summary
Jenkins Git server Plugin does not perform a permission check
Details

Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH.

This allows attackers with a previously configured SSH public key but lacking Overall/Read permission to access Git repositories.

Git server Plugin 117.veb68868fa027 requires Overall/Read permission to access Git repositories over SSH.

References

Affected packages

Maven / org.jenkins-ci.plugins:git-server

Package

Name
org.jenkins-ci.plugins:git-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
117.veb

Affected versions

1.*

1.0
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.10
1.11

99.*

99.va_0826a_b_cdfa_d
99.101.v720e86326c09

114.*

114.v068a_c7cc2574