Jenkins Git server Plugin does not perform a permission check
Moderate severity
GitHub Reviewed
Published
May 2, 2024
to the GitHub Advisory Database
•
Updated May 13, 2024
Package
Affected versions
< 117.veb
Patched versions
117.veb
Description
Published by the National Vulnerability Database
May 2, 2024
Published to the GitHub Advisory Database
May 2, 2024
Reviewed
May 3, 2024
Last updated
May 13, 2024
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH.
This allows attackers with a previously configured SSH public key but lacking Overall/Read permission to access Git repositories.
Git server Plugin 117.veb_68868fa_027 requires Overall/Read permission to access Git repositories over SSH.
References