{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T20:20:50.387","vulnerabilities":[{"cve":{"id":"CVE-2024-52554","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2024-11-13T21:15:29.540","lastModified":"2025-10-03T00:56:06.223","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection."},{"lang":"es","value":"El complemento de anulación de versión de librería compartida de Jenkins 17.v786074c9fce7 y versiones anteriores declara que las anulaciones de librería con ámbito de carpeta son confiables, de modo que no se ejecutan en el entorno aislado de seguridad de script, lo que permite a los atacantes con permiso de Elemento/Configurar en una carpeta configurar una anulación de librería con ámbito de carpeta que se ejecuta sin protección de entorno aislado."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:shared_library_version_override:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"17.v786074c9fce7","matchCriteriaId":"1F157EB3-F633-4DCB-B2E1-CC7B390AD269"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3466","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}}]}