CVE-2024-34148

EPSS 0.4%
Veröffentlicht 02.05.2024 14:15:10
Zuletzt bearbeitet 06.06.2025 15:28:57
Quelle jenkinsci-cert@googlegroups.co
CVE-Watchlists
Login
Unerledigt
Login

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jenkins ≫ Subversion Partial Release Manager SwPlatformjenkins Version <= 1.0.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.603

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

http://www.openwall.com/lists/oss-security/2024/05/02/3

Mailing List

https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3331

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-34148

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-34148

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-34148

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-34148