Jenkins Plugin Disables Security Fix for CVE-2016-3721

CVE-2024-34148

Currently unrated 🤨

Key Information

Vendor: Jenkins
Status: Jenkins Subversion Partial Release Manager Plugin
Vendor: CVE Published:; 2 May 2024

Summary

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.

Affected Version(s)

Jenkins Subversion Partial Release Manager Plugin <= 1.0.1

Timeline

Vulnerability published.
May 2, 2024
Vulnerability Reserved.
Apr 30, 2024

Collectors

NVD DatabaseMitre Database