CVE-2024-52550: 
Java vulnerability analysis and mitigation

Jenkins Pipeline: Groovy Plugin version 3990.vd281dd77a_388 and earlier (except 3975.3977.v478dd9e956c3) contains a security vulnerability identified as CVE-2024-52550. The vulnerability was discovered and disclosed on November 13, 2024, affecting the workflow-cps component of Jenkins. This security issue impacts the script approval verification mechanism in the Jenkins Pipeline system (Jenkins Advisory).

The vulnerability stems from a failure to verify the approval status of the main Jenkinsfile script during build rebuilds. The issue has been assigned a CVSS v3.1 base score of 8.0 (High), with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-354 (Improper Validation of Integrity Check Value) (NVD).

This vulnerability allows attackers with Item/Build permission to rebuild previous builds whose Jenkinsfile scripts have had their approval revoked. It's important to note that this vulnerability only affects builds whose Jenkinsfile scripts previously had approval and later had it revoked, not builds whose scripts were never approved (Jenkins Advisory).

The vulnerability has been fixed in Pipeline: Groovy Plugin version 3993.v3e20a_37282f8, which now refuses to rebuild a build whose main Jenkinsfile script is unapproved. Organizations should upgrade to this version to mitigate the vulnerability. The fix implements proper verification of script approval status during rebuild operations (Jenkins Advisory).