CVE-2024-34146

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-34146

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34146.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-34146

Aliases

GHSA-xh9c-vcf9-h94m

Published

2024-05-02T14:15:10.380Z

Modified

2026-01-09T19:14:10.917916Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.

References

Affected packages

Git / github.com/jenkinsci/git-server-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/git-server-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

068ac7cc2574882ef9f5a486e001228a71d881ad

Affected versions

114.*

114.v068a_c7cc2574

99.*

99.va_0826a_b_cdfa_d

git-server-1.*

git-server-1.0

git-server-1.1

git-server-1.10

git-server-1.11

git-server-1.2

git-server-1.3

git-server-1.4

git-server-1.5

git-server-1.6

git-server-1.7

git-server-1.8

git-server-1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34146.json"