CVE-2024-34146

Published: May 2, 2024Modified: Oct 10, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.

Affected (1)

Products: Jenkins: Git Server

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Git Server	Up to 114.v068a_c7cc2574

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

http://www.openwall.com/lists/oss-security/2024/05/02/3

Source: jenkinsci-cert@googlegroups.com

Mailing List

https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3342

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2024/05/02/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3342

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.