CVE-2024-34148

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:subversion_partial_release_manager:*:*:*:*:*:jenkins:*:*

History

06 Jun 2025, 15:28

Type Values Removed Values Added
CPE cpe:2.3:a:jenkins:subversion_partial_release_manager:*:*:*:*:*:jenkins:*:*
First Time Jenkins subversion Partial Release Manager
Jenkins
References () http://www.openwall.com/lists/oss-security/2024/05/02/3 - () http://www.openwall.com/lists/oss-security/2024/05/02/3 - Mailing List
References () https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3331 - () https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3331 - Vendor Advisory

Information

Published : 2024-05-02 14:15

Updated : 2025-06-06 15:28


NVD link : CVE-2024-34148

Mitre link : CVE-2024-34148

CVE.ORG link : CVE-2024-34148


JSON object : View

Products Affected

jenkins

  • subversion_partial_release_manager
CWE
CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')