What is the severity of REDHAT-BUG-2326047?

The severity of REDHAT-BUG-2326047 is classified as critical due to its potential exploitation by attackers with Item/Build permissions.

How do I fix REDHAT-BUG-2326047?

To fix REDHAT-BUG-2326047, upgrade Jenkins Pipeline: Declarative Plugin to version 2.2215 or later.

Who is affected by REDHAT-BUG-2326047?

Users of Jenkins Pipeline: Declarative Plugin version 2.2214.vb_b_34b_2ea_9b_83 and earlier are affected by REDHAT-BUG-2326047.

What are the consequences of exploiting REDHAT-BUG-2326047?

Exploiting REDHAT-BUG-2326047 can allow unauthorized users to restart builds with unapproved Jenkinsfile scripts.

What action should I take if I can't upgrade for REDHAT-BUG-2326047?

If you cannot upgrade for REDHAT-BUG-2326047, restrict Item/Build permissions to trusted users to mitigate the risk.

Vulnerability/
REDHAT-BUG-2326047

high

13/11/2024

4/3/2025

REDHAT-BUG-2326047

First published: Wed Nov 13 2024(Updated: )

Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved.

Affected Software	Affected Version	How to fix
Jenkins Pipeline: Declarative Plugin	<=2.2214.vb_b_34b_2ea_9b_83

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2326047?
The severity of REDHAT-BUG-2326047 is classified as critical due to its potential exploitation by attackers with Item/Build permissions.
How do I fix REDHAT-BUG-2326047?
To fix REDHAT-BUG-2326047, upgrade Jenkins Pipeline: Declarative Plugin to version 2.2215 or later.
Who is affected by REDHAT-BUG-2326047?
Users of Jenkins Pipeline: Declarative Plugin version 2.2214.vb_b_34b_2ea_9b_83 and earlier are affected by REDHAT-BUG-2326047.
What are the consequences of exploiting REDHAT-BUG-2326047?
Exploiting REDHAT-BUG-2326047 can allow unauthorized users to restart builds with unapproved Jenkinsfile scripts.
What action should I take if I can't upgrade for REDHAT-BUG-2326047?
If you cannot upgrade for REDHAT-BUG-2326047, restrict Item/Build permissions to trusted users to mitigate the risk.

collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-52551
agent/severity
agent/references
agent/source
agent/last-modified-date
agent/type
agent/description
agent/first-publish-date
agent/event
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
vendor/jenkins
canonical/jenkins pipeline: declarative plugin

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.