{"id":"GHSA-8pv9-qh96-9hc6","summary":"Jenkins does not perform a permission check in an HTTP endpoint","details":"Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint.\n\nThis allows attackers with Overall/Read permission to access other users' \"My Views\". Attackers with global View/Configure and View/Delete permissions are also able to change other users' \"My Views\".\n\nJenkins 2.471, LTS 2.452.4, LTS 2.462.1 restricts access to a user’s \"My Views\" to the owning user and administrators.","aliases":["BIT-jenkins-2024-43045","CVE-2024-43045"],"modified":"2026-02-04T02:52:08.687778Z","published":"2024-08-07T15:30:42Z","related":["CGA-8hr7-6c5h-m383"],"database_specific":{"github_reviewed":true,"severity":"MODERATE","cwe_ids":["CWE-285","CWE-862"],"github_reviewed_at":"2024-08-07T18:26:58Z","nvd_published_at":"2024-08-07T14:15:33Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43045"},{"type":"WEB","url":"https://github.com/jenkinsci/jenkins/commit/0c13259cebc6a780fee7825838f4dd98ece8e68a"},{"type":"WEB","url":"https://github.com/jenkinsci/jenkins/commit/3752f406bfef764e4954238acf44343169ae5799"},{"type":"WEB","url":"https://github.com/jenkinsci/jenkins/commit/efece77d759b38c95b39b191051a8203bbc2f428"},{"type":"PACKAGE","url":"https://github.com/jenkinsci/jenkins"},{"type":"WEB","url":"https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3349"}],"affected":[{"package":{"name":"org.jenkins-ci.main:jenkins-core","ecosystem":"Maven","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.452.4"}]}],"versions":["1.396","1.397","1.398","1.399","1.400","1.401","1.403","1.404","1.405","1.406","1.407","1.408","1.409","1.409.1","1.409.2","1.409.3","1.410","1.411","1.412","1.413","1.414","1.415","1.416","1.417","1.418","1.419","1.420","1.421","1.422","1.423","1.424","1.424.1","1.424.2","1.424.3","1.424.4","1.424.5","1.424.6","1.425","1.426","1.427","1.428","1.429","1.430","1.431","1.432","1.433","1.434","1.435","1.436","1.437","1.438","1.439","1.440","1.441","1.442","1.443","1.444","1.445","1.446","1.447","1.447.1","1.447.2","1.448","1.449","1.450","1.451","1.452","1.453","1.454","1.455","1.456","1.457","1.458","1.459","1.460","1.461","1.462","1.463","1.464","1.465","1.466","1.466.1","1.466.2","1.467","1.468","1.469","1.470","1.471","1.472","1.473","1.474","1.475","1.476","1.477","1.478","1.479","1.480","1.480.1","1.480.2","1.480.3","1.481","1.482","1.483","1.484","1.485","1.486","1.487","1.488","1.489","1.490","1.491","1.492","1.493","1.494","1.495","1.496","1.497","1.498","1.499","1.500","1.501","1.502","1.503","1.504","1.505","1.506","1.507","1.508","1.509","1.509.1","1.509.2","1.509.2.JENKINS-14362-jzlib","1.509.2.JENKINS-8856-diag","1.509.3","1.509.3.JENKINS-14362-jzlib","1.509.4","1.510","1.511","1.512","1.513","1.514","1.515","1.516","1.516.JENKINS-14362-jzlib","1.517","1.518","1.518.JENKINS-14362-jzlib","1.519","1.520","1.521","1.522","1.523","1.524","1.525","1.526","1.527","1.528","1.529","1.530","1.531","1.532","1.532.1","1.532.1.JENKINS-19453","1.532.2","1.532.2.JENKINS-21622-diag","1.532.2.JENKINS-22395-diag","1.532.3","1.532.3.JENKINS-22395","1.532.3.JENKINS-22395-2","1.533","1.534","1.535","1.536","1.537","1.538","1.539","1.540","1.541","1.542","1.543","1.544","1.545","1.546","1.547","1.548","1.549","1.550","1.551","1.552","1.553","1.554","1.554.1","1.554.2","1.554.3","1.554.3.JENKINS-18065-ALLRM-all","1.554.3.JENKINS-18065-JENKINS-23945","1.555","1.556","1.557","1.558","1.559","1.560","1.561","1.562","1.563","1.564","1.565","1.565.1","1.565.1.JENKINS-22395-dropLinks","1.565.2","1.565.3","1.566","1.567","1.568","1.569","1.570","1.571","1.572","1.573","1.574","1.575","1.576","1.577","1.578","1.579","1.580","1.580.1","1.580.2","1.580.3","1.581","1.582","1.583","1.584","1.585","1.586","1.587","1.588","1.589","1.590","1.591","1.592","1.593","1.594","1.595","1.596","1.596.1","1.596.2","1.596.3","1.597","1.598","1.599","1.600","1.601","1.602","1.604","1.605","1.606","1.607","1.608","1.609","1.609.1","1.609.2","1.609.3","1.610","1.611","1.612","1.613","1.614","1.615","1.616","1.617","1.618","1.619","1.620","1.621","1.622","1.623","1.624","1.625","1.625.1","1.625.2","1.625.3","1.626","1.627","1.628","1.629","1.630","1.631","1.632","1.633","1.634","1.635","1.636","1.637","1.638","1.639","1.640","1.641","1.642","1.642.1","1.642.2","1.642.3","1.642.4","1.643","1.644","1.645","1.646","1.647","1.648","1.649","1.650","1.651","1.651.1","1.651.2","1.651.3","1.652","1.653","1.654","1.655","1.656","1.657","1.658","2.0","2.0-alpha-1","2.0-alpha-2","2.0-alpha-3","2.0-alpha-4","2.0-beta-1","2.0-beta-2","2.0-rc-1","2.1","2.10","2.100","2.101","2.102","2.103","2.104","2.105","2.106","2.107","2.107.1","2.107.2","2.107.3","2.108","2.109","2.11","2.110","2.111","2.112","2.113","2.114","2.115","2.116","2.117","2.118","2.119","2.12","2.120","2.121","2.121.1","2.121.2","2.121.3","2.122","2.123","2.124","2.125","2.126","2.127","2.128","2.129","2.13","2.130","2.131","2.132","2.133","2.134","2.135","2.136","2.137","2.138","2.138.1","2.138.2","2.138.3","2.138.4","2.14","2.140","2.141","2.142","2.143","2.144","2.145","2.146","2.147","2.148","2.149","2.15","2.150","2.150.1","2.150.2","2.150.3","2.151","2.152","2.153","2.154","2.155","2.156","2.157","2.158","2.159","2.16","2.160","2.161","2.162","2.163","2.164","2.164.1","2.164.2","2.164.3","2.165","2.166","2.167","2.168","2.169","2.17","2.170","2.171","2.172","2.173","2.174","2.175","2.176","2.176.1","2.176.2","2.176.3","2.176.4","2.177","2.178","2.179","2.18","2.180","2.181","2.182","2.183","2.184","2.185","2.186","2.187","2.189","2.19","2.19.1","2.19.2","2.19.3","2.19.4","2.190","2.190.1","2.190.2","2.190.3","2.191","2.192","2.193","2.194","2.195","2.196","2.197","2.198","2.199","2.2","2.20","2.200","2.201","2.202","2.203","2.204","2.204.1","2.204.2","2.204.3","2.204.4","2.204.5","2.204.6","2.205","2.206","2.207","2.208","2.209","2.21","2.210","2.211","2.212","2.213","2.214","2.215","2.216","2.217","2.218","2.219","2.22","2.220","2.221","2.222","2.222.1","2.222.3","2.222.4","2.223","2.224","2.225","2.226","2.227","2.228","2.229","2.23","2.230","2.231","2.232","2.233","2.234","2.235","2.235.1","2.235.2","2.235.3","2.235.4","2.235.5","2.236","2.237","2.238","2.239","2.24","2.240","2.241","2.242","2.243","2.244","2.245","2.246","2.247","2.248","2.249","2.249.1","2.249.2","2.249.3","2.25","2.250","2.251","2.252","2.253","2.254","2.255","2.256","2.257","2.258","2.259","2.26","2.260","2.261","2.262","2.263","2.263.1","2.263.2","2.263.3","2.263.4","2.264","2.265","2.266","2.267","2.268","2.269","2.27","2.270","2.271","2.272","2.273","2.274","2.275","2.276","2.277","2.277.1","2.277.2","2.277.3","2.277.4","2.278","2.279","2.28","2.280","2.281","2.282","2.283","2.284","2.285","2.286","2.287","2.288","2.289","2.289.1","2.289.2","2.289.3","2.29","2.290","2.291","2.292","2.293","2.294","2.295","2.296","2.297","2.298","2.299","2.3","2.30","2.300","2.301","2.302","2.303","2.303.1","2.303.2","2.303.3","2.304","2.305","2.306","2.307","2.308","2.309","2.31","2.311","2.312","2.313","2.314","2.315","2.316","2.317","2.318","2.319","2.319.1","2.319.2","2.319.3","2.32","2.32.1","2.32.2","2.32.3","2.320","2.321","2.322","2.323","2.324","2.325","2.326","2.327","2.328","2.329","2.33","2.330","2.331","2.332","2.332.1","2.332.2","2.332.3","2.332.4","2.333","2.334","2.335","2.336","2.337","2.338","2.339","2.34","2.340","2.341","2.342","2.343","2.344","2.345","2.346","2.346.1","2.346.2","2.346.3","2.347","2.348","2.349","2.35","2.350","2.354","2.355","2.356","2.357","2.358","2.359","2.36","2.360","2.361","2.361.1","2.361.2","2.361.3","2.361.4","2.362","2.363","2.364","2.365","2.366","2.367","2.368","2.369","2.37","2.370","2.371","2.372","2.373","2.374","2.375","2.375.1","2.375.2","2.375.3","2.375.4","2.376","2.377","2.378","2.379","2.38","2.380","2.381","2.382","2.383","2.384","2.385","2.386","2.387","2.387.1","2.387.2","2.387.3","2.388","2.389","2.39","2.390","2.391","2.392","2.393","2.394","2.395","2.396","2.397","2.398","2.399","2.4","2.40","2.400","2.401","2.401.1","2.401.2","2.401.3","2.402","2.403","2.404","2.405","2.406","2.407","2.409","2.41","2.410","2.411","2.412","2.413","2.414","2.414.1","2.414.2","2.414.3","2.415","2.416","2.417","2.418","2.419","2.42","2.420","2.421","2.422","2.423","2.424","2.425","2.426","2.426.1","2.426.2","2.426.3","2.427","2.428","2.429","2.43","2.430","2.431","2.432","2.433","2.434","2.435","2.436","2.437","2.438","2.439","2.44","2.440","2.440.1","2.440.2","2.440.3","2.441","2.442","2.443","2.444","2.445","2.446","2.447","2.448","2.449","2.45","2.450","2.451","2.452","2.452.1","2.452.2","2.452.3","2.46","2.46.1","2.46.2","2.46.3","2.47","2.48","2.49","2.5","2.50","2.51","2.52","2.53","2.54","2.55","2.56","2.57","2.58","2.59","2.6","2.60","2.60.1","2.60.2","2.60.3","2.61","2.62","2.63","2.64","2.65","2.66","2.67","2.68","2.69","2.7","2.7.1","2.7.2","2.7.3","2.7.4","2.70","2.71","2.72","2.73","2.73.1","2.73.2","2.73.3","2.74","2.75","2.76","2.77","2.78","2.79","2.8","2.80","2.81","2.82","2.83","2.84","2.85","2.86","2.87","2.88","2.89","2.89.1","2.89.2","2.89.3","2.89.4","2.9","2.90","2.91","2.92","2.93","2.94","2.95","2.96","2.97","2.98","2.99"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8pv9-qh96-9hc6/GHSA-8pv9-qh96-9hc6.json"}},{"package":{"name":"org.jenkins-ci.main:jenkins-core","ecosystem":"Maven","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.460"},{"fixed":"2.462.1"}]}],"versions":["2.460","2.461","2.462"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8pv9-qh96-9hc6/GHSA-8pv9-qh96-9hc6.json"}},{"package":{"name":"org.jenkins-ci.main:jenkins-core","ecosystem":"Maven","purl":"pkg:maven/org.jenkins-ci.main/jenkins-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.470"},{"fixed":"2.471"}]}],"versions":["2.470"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8pv9-qh96-9hc6/GHSA-8pv9-qh96-9hc6.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"}]}