Jenkins Plugin Disables Security Fix for CVE-2016-3721
CVE-2024-34148
Currently unrated
Key Information:
- Vendor
- Jenkins
- Status
- Jenkins Subversion Partial Release Manager Plugin
- Vendor
- CVE Published:
- 2 May 2024
Summary
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.
Affected Version(s)
Jenkins Subversion Partial Release Manager Plugin 0 <= 1.0.1
References
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database