CVE-2024-52549
📋 TL;DR
This vulnerability in the Jenkins Script Security Plugin allows attackers with Overall/Read permission to check for the existence of files on the Jenkins controller file system. It affects Jenkins instances running vulnerable versions of the Script Security Plugin, potentially revealing whether sensitive files exist on the controller (existence only, not file contents).
💻 Affected Systems
- Jenkins Script Security Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could map the entire controller file system, identify sensitive configuration files, credentials, or backup files, leading to further attacks or data exfiltration.
Likely Case
Attackers with read access can probe for specific files to understand system configuration, potentially identifying weaknesses for subsequent attacks.
If Mitigated
With proper permission controls limiting Overall/Read access, impact is minimal as only authorized users could perform file existence checks.
🎯 Exploit Status
Exploitation requires authenticated access with Overall/Read permission. No public exploit code identified at advisory publication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to Script Security Plugin version 1368.vc93d7d18c3b_9 or later
Vendor Advisory: https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3447
Restart Required: Yes
Instructions:
1. Navigate to Jenkins Manage Jenkins > Plugin Manager
2. Check for updates in Available updates tab
3. Update Script Security Plugin to 1368.vc93d7d18c3b_9 or later
4. Restart Jenkins after update completes
🔧 Temporary Workarounds
Restrict Overall/Read Permissions
Limit Overall/Read permission to trusted administrators only to prevent exploitation.
Navigate to Manage Jenkins > Configure Global Security > Authorization
Modify permissions to restrict Overall/Read to minimal necessary users
🧯 If You Can't Patch
- Review and restrict Overall/Read permissions to essential administrators only
- Monitor audit logs for unusual file existence check patterns from non-admin users
🔍 How to Verify
Check if Vulnerable:
Check the Jenkins Plugin Manager for the Script Security Plugin version. If the version is 1367.vdf2fc45f229c or earlier (excluding the two patched backport versions listed in the vendor advisory), you are vulnerable.
Check Version:
Navigate to Manage Jenkins > Plugin Manager > Installed plugins, find Script Security Plugin
Verify Fix Applied:
Verify Script Security Plugin version is 1368.vc93d7d18c3b_9 or later in Plugin Manager.
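The verification steps above go through the Plugin Manager UI. The following script does the same check programmatically, as an added example that is not part of this advisory or of the Jenkins project: it reads the plugin inventory from Jenkins' plugin manager JSON API (/pluginManager/api/json), picks out the script-security entry and compares its leading release number with the fixed version from the advisory. The two patched backport versions are left as an empty placeholder list to be filled from the vendor advisory; the sample inventory embedded below is constructed so the check runs offline.

```python
"""Check whether a Jenkins controller's Script Security Plugin is fixed for
CVE-2024-52549. Added example; assumes the plugin manager JSON API, whose
"plugins" entries carry "shortName" and "version" fields."""
import base64
import json
import re
import urllib.request
from typing import Optional

PLUGIN_SHORT_NAME = "script-security"
FIXED_VERSION = "1368.vc93d7d18c3b_9"      # first fixed release, per the advisory
# The advisory also names two earlier backport releases that contain the fix.
# Placeholder: copy them here verbatim from the vendor advisory.
SAFE_BACKPORT_VERSIONS = set()

_LEADING_NUMBER = re.compile(r"^(\d+)")

# Constructed sample response (not real data) in the shape the API returns.
SAMPLE_INVENTORY = {
    "plugins": [
        {"shortName": "credentials", "version": "1371.vfee6b_095f0a_3"},
        {"shortName": "script-security", "version": "1367.vdf2fc45f229c"},
    ]
}


def release_number(version: str) -> int:
    """Jenkins plugin versions such as '1368.vc93d7d18c3b_9' begin with a
    monotonically increasing release number; that prefix is what we compare."""
    m = _LEADING_NUMBER.match(version)
    if not m:
        raise ValueError(f"unrecognised plugin version: {version!r}")
    return int(m.group(1))


def installed_version(inventory: dict, short_name: str = PLUGIN_SHORT_NAME) -> Optional[str]:
    """Return the installed version of short_name, or None if it is absent."""
    for plugin in inventory.get("plugins", []):
        if plugin.get("shortName") == short_name:
            return plugin.get("version")
    return None


def is_vulnerable(version: Optional[str]) -> bool:
    """True when the version predates the fix and is not a safe backport."""
    if version is None:
        return False                      # plugin not installed: not exposed
    if version in SAFE_BACKPORT_VERSIONS:
        return False
    return release_number(version) < release_number(FIXED_VERSION)


def assess(inventory: dict) -> dict:
    """Summarise the finding for one controller's plugin inventory."""
    version = installed_version(inventory)
    return {"plugin": PLUGIN_SHORT_NAME, "version": version,
            "vulnerable": is_vulnerable(version)}


def fetch_inventory(base_url: str, user: str, api_token: str, timeout: float = 10.0) -> dict:
    """Read the live inventory with HTTP basic auth and a Jenkins API token.
    The account must be allowed to view the plugin manager."""
    url = base_url.rstrip("/") + "/pluginManager/api/json?depth=1"
    cred = base64.b64encode(f"{user}:{api_token}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + cred})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Offline run against the constructed sample; swap in fetch_inventory(...)
    # with your controller URL and token for a live check.
    print(json.dumps(assess(SAMPLE_INVENTORY), indent=2))
```

Only the leading release number is compared, because the remainder of a Jenkins plugin version (the `.v…` hash suffix) is not ordered; the backport set is checked first so that a patched backport with a lower release number is not reported as vulnerable once the placeholder is filled in.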
📡 Detection & Monitoring
Log Indicators:
- Unusual form validation requests from non-admin users
- Multiple file existence check patterns in short timeframes
Network Indicators:
- Repeated POST requests to form validation endpoints from single sources
SIEM Query:
source="jenkins.log" AND "formValidation" AND user!="admin" | stats count by src_ip
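The log and network indicators above (bursts of form-validation requests from non-admin users, repeated POSTs from a single source) can be checked outside a SIEM as well. The script below is an added example, not part of this advisory: it assumes HTTP access logs in combined log format (for instance from a reverse proxy in front of Jenkins) whose third field is the authenticated user, and that Jenkins form-validation handlers sit at paths whose last segment starts with "check" (the plugin naming convention; the advisory itself does not name the endpoint). The sample log lines are constructed. It flags any user/source pair that issues at least `threshold` form-validation POSTs within a sliding window, skipping the admin accounts the SIEM query above excludes.

```python
"""Flag bursts of form-validation POSTs from non-admin users in access logs.
Added example; assumes combined-log-format lines with an authenticated user
field and Jenkins' check<Field> naming for form-validation handlers."""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
# Assumption: form-validation handlers are named check<Field> (Jenkins convention).
FORM_VALIDATION_PATH = re.compile(r"/check[A-Za-z0-9_]*$")
ADMIN_USERS = {"admin"}

# Constructed sample lines (not real traffic). "example.Descriptor" is a placeholder.
_P = "/descriptorByName/example.Descriptor/checkPath"
SAMPLE_LOG = [
    f'10.0.0.5 - bob [13/Nov/2024:10:00:01 +0000] "POST {_P} HTTP/1.1" 200 42',
    f'10.0.0.5 - bob [13/Nov/2024:10:00:03 +0000] "POST {_P} HTTP/1.1" 200 42',
    f'10.0.0.9 - admin [13/Nov/2024:10:00:04 +0000] "POST {_P} HTTP/1.1" 200 42',
    f'10.0.0.5 - bob [13/Nov/2024:10:00:05 +0000] "POST {_P} HTTP/1.1" 200 42',
    f'10.0.0.7 - carol [13/Nov/2024:10:00:06 +0000] "POST {_P} HTTP/1.1" 200 42',
    f'10.0.0.5 - bob [13/Nov/2024:10:00:07 +0000] "POST {_P} HTTP/1.1" 200 42',
    f'10.0.0.5 - bob [13/Nov/2024:10:00:09 +0000] "POST {_P} HTTP/1.1" 200 42',
    f'10.0.0.5 - bob [13/Nov/2024:10:00:11 +0000] "POST {_P} HTTP/1.1" 200 42',
    '10.0.0.5 - bob [13/Nov/2024:10:00:12 +0000] "GET /job/build/ HTTP/1.1" 200 1024',
    f'10.0.0.7 - carol [13/Nov/2024:10:05:06 +0000] "POST {_P} HTTP/1.1" 200 42',
    "not a log line",
]


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    return {
        "src": m["src"],
        "user": m["user"],
        "ts": datetime.strptime(m["ts"], TS_FORMAT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # drop the query string
    }


def is_form_validation(rec):
    """Form validation is a POST to a check<Field> handler."""
    return rec["method"] == "POST" and FORM_VALIDATION_PATH.search(rec["path"]) is not None


def find_bursts(lines, threshold=5, window_seconds=60):
    """Return (user, src, peak_count) for each non-admin user/source pair with at
    least `threshold` form-validation POSTs inside any `window_seconds` window.
    Lines are expected in time order, as a log file is."""
    recent = defaultdict(deque)   # (user, src) -> timestamps inside the window
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["user"] in ADMIN_USERS or not is_form_validation(rec):
            continue
        key = (rec["user"], rec["src"])
        q = recent[key]
        q.append(rec["ts"])
        while q and (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()               # expire requests older than the window
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return [(user, src, n) for (user, src), n in sorted(alerts.items())]


if __name__ == "__main__":
    for user, src, n in find_bursts(SAMPLE_LOG):
        print(f"ALERT user={user} src={src} form-validation POSTs in window={n}")
```

Tune `threshold` and `window_seconds` to the normal rate of configuration-page edits in your environment, since a legitimate user typing in a job configuration form also triggers a stream of validation requests; the user/source pairing keeps one busy administrator from masking or inflating another account's activity.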