VulnerableCode Package Details - pkg:maven/org.jenkins-ci.main/jenkins-core@2.466

Search for packages

Vulnerability	Summary	Fixed by
VCID-jarz-xtnw-ufbz Aliases: CVE-2024-47803 GHSA-pj95-ph4q-4qm4	Jenkins exposes multi-line secrets through error messages Jenkins Jenkins provides the `secretTextarea` form field for multi-line secrets. Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. This can result in exposure of multi-line secrets through those error messages, e.g., in the system log. Jenkins 2.479, LTS 2.462.3 redacts multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.	2.479 Affected by 0 other vulnerabilities.
VCID-vpxs-mxz3-xqch Aliases: CVE-2024-47804 GHSA-f9qj-77q2-h5c5	Jenkins item creation restriction bypass vulnerability Jenkins provides APIs for fine-grained control of item creation: - Authorization strategies can prohibit the creation of items of a given type in a given item group (`ACL#hasCreatePermission2`). - Item types can prohibit creation of new instances in a given item group (`TopLevelItemDescriptor#isApplicableIn(ItemGroup)`). If an attempt is made to create an item of a prohibited type through the Jenkins CLI or the REST API and either of the above checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk. This allows attackers with Item/Create permission to bypass these restrictions, creating a temporary item. With Item/Configure permission, they can also save the item to persist it. If an attempt is made to create an item of a prohibited type through the Jenkins CLI or the REST API and either of the above checks fail, Jenkins 2.479, LTS 2.462.3 does not retain the item in memory.	2.479 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-jarz-xtnw-ufbz
Aliases:
CVE-2024-47803
GHSA-pj95-ph4q-4qm4

Jenkins exposes multi-line secrets through error messages Jenkins Jenkins provides the `secretTextarea` form field for multi-line secrets. Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. This can result in exposure of multi-line secrets through those error messages, e.g., in the system log. Jenkins 2.479, LTS 2.462.3 redacts multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.

2.479
Affected by 0 other vulnerabilities.

VCID-vpxs-mxz3-xqch
Aliases:
CVE-2024-47804
GHSA-f9qj-77q2-h5c5

Jenkins item creation restriction bypass vulnerability Jenkins provides APIs for fine-grained control of item creation: - Authorization strategies can prohibit the creation of items of a given type in a given item group (`ACL#hasCreatePermission2`). - Item types can prohibit creation of new instances in a given item group (`TopLevelItemDescriptor#isApplicableIn(ItemGroup)`). If an attempt is made to create an item of a prohibited type through the Jenkins CLI or the REST API and either of the above checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk. This allows attackers with Item/Create permission to bypass these restrictions, creating a temporary item. With Item/Configure permission, they can also save the item to persist it. If an attempt is made to create an item of a prohibited type through the Jenkins CLI or the REST API and either of the above checks fail, Jenkins 2.479, LTS 2.462.3 does not retain the item in memory.

2.479
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T12:40:08.036124+00:00	GitLab Importer	Affected by	VCID-vpxs-mxz3-xqch	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2024-47804.yml	38.0.0
2026-04-02T12:40:07.891413+00:00	GitLab Importer	Affected by	VCID-jarz-xtnw-ufbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2024-47803.yml	38.0.0
2026-04-01T16:06:30.796066+00:00	GHSA Importer	Affected by	VCID-vpxs-mxz3-xqch	https://github.com/advisories/GHSA-f9qj-77q2-h5c5	38.0.0
2026-04-01T16:06:30.769922+00:00	GHSA Importer	Affected by	VCID-jarz-xtnw-ufbz	https://github.com/advisories/GHSA-pj95-ph4q-4qm4	38.0.0