

INC Ransom Gang Claims to Successfully Attack US-Saudi Arabian Business Council
May 6, 2024
Threat Actors Executed Malicious Code by Abusing Notepad++ Plugin – Active IOCs
May 6, 2024
Severity
Medium
Analysis Summary
CVE-2024-34148 CVSS:6.8
Jenkins Subversion Partial Release Manager Plugin could provide weaker than expected security because it programmatically sets the Java system property hudson.model.ParametersAction.keepUndefinedParameters, which disables a security protection. A remote authenticated attacker could exploit this vulnerability to launch further attacks on the system.
CVE-2024-34147 CVSS:3.3
Jenkins Telegram Bot Plugin could allow a local authenticated attacker to obtain sensitive information, caused by the storage of the token in plain text in the global configuration file. By gaining access to the global configuration file, an attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.
CVE-2024-34146 CVSS:5.3
Jenkins Git server Plugin could allow a remote attacker to obtain sensitive information, caused by improper permission validation. By sending a specially crafted request, an attacker could exploit this vulnerability to gain read access to a Git repository over SSH, and use this information to launch further attacks against the affected system.
CVE-2024-34145 CVSS:8.8
Jenkins Script Security Plugin could allow a remote authenticated attacker to bypass security restrictions, caused by a sandbox bypass flaw involving sandbox-defined classes. An attacker who is permitted to define and run sandboxed scripts could exploit this vulnerability by supplying specially crafted constructor bodies.
CVE-2024-34144 CVSS:8.8
Jenkins Script Security Plugin could allow a remote authenticated attacker to bypass security restrictions, caused by a sandbox bypass flaw. An attacker who is permitted to define and run sandboxed scripts could exploit this vulnerability by supplying specially crafted constructor bodies.
Impact
- Gain Access
- Information Disclosure
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-34148
- CVE-2024-34147
- CVE-2024-34146
- CVE-2024-34145
- CVE-2024-34144
Affected Vendors
- Jenkins
Affected Products
- Jenkins Subversion Partial Release Manager Plugin 1.0.1
- Jenkins Telegram Bot Plugin 1.4.0
- Jenkins Git server Plugin 114.v068a_c7cc2574
- Jenkins Script Security Plugin 1335.vf07d9ce377a_e
Remediation
Refer to Jenkins Security Advisory for patch, upgrade or suggested workaround information.
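To turn the Affected Products list above into an inventory check, the following added example (not part of the advisory) compares the plugin versions reported by a Jenkins instance's plugin inventory against the versions listed here. It assumes the plugin short names subversion-release-manager, telegram-notifications, git-server and script-security, and treats each listed version as the highest affected release, so equal or older installs are flagged; the sample inventory is constructed.

```python
import re

# Versions exactly as listed under "Affected Products"; short names assumed.
AFFECTED = {
    "subversion-release-manager": "1.0.1",     # CVE-2024-34148
    "telegram-notifications": "1.4.0",         # CVE-2024-34147
    "git-server": "114.v068a_c7cc2574",        # CVE-2024-34146
    "script-security": "1335.vf07d9ce377a_e",  # CVE-2024-34145 / -34144
}

def version_key(version):
    """Sortable key for a Jenkins plugin version.

    New-style versions ("114.v068a_c7cc2574") order by the leading
    changelist number only; the "v<hash>" suffix carries no ordering.
    Legacy dotted versions ("1.4.0") compare numerically per component.
    """
    head, _, rest = version.partition(".")
    if re.fullmatch(r"v[0-9a-f_]+", rest):
        return (int(head),)
    return tuple(int(p) for p in re.findall(r"\d+", version))

def vulnerable_plugins(inventory):
    """Return (shortName, installed, listed) for every installed plugin
    whose version is at or below the version listed in this advisory.
    `inventory` has the shape of /pluginManager/api/json?depth=1 output."""
    hits = []
    for plugin in inventory.get("plugins", []):
        name, installed = plugin["shortName"], plugin["version"]
        listed = AFFECTED.get(name)
        if listed and version_key(installed) <= version_key(listed):
            hits.append((name, installed, listed))
    return hits

# Constructed sample inventory (hash suffixes are placeholders).
SAMPLE_INVENTORY = {"plugins": [
    {"shortName": "script-security", "version": "1335.vf07d9ce377a_e"},
    {"shortName": "git-server", "version": "117.v0000000000"},
    {"shortName": "telegram-notifications", "version": "1.4.0"},
    {"shortName": "credentials", "version": "1337.v0000000000"},
]}

if __name__ == "__main__":
    for name, installed, listed in vulnerable_plugins(SAMPLE_INVENTORY):
        print(f"{name}: installed {installed} <= advisory {listed}")
```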