How severe is CVE-2024-47804?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-47804?

This is classified as CWE-843, which is a common weakness in software security.

CVE-2024-47804 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction.

Related Vulnerabilities

CVE-2023-24599

MEDIUM

CVSS:4.3(Medium)

OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."

CWE-8432023

CVE-2025-2197

MEDIUM

CVSS:4.3(Medium)

Browser is affected by type confusion vulnerability, successful exploitation of this vulnerability may affect service availability.

CWE-8432025

CVE-2025-31206

MEDIUM

CVSS:4.3(Medium)

A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18....

CWE-8432025

CVE-2021-0352

MEDIUM

CVSS:4.4(Medium)

In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for...

CWE-8432021

CVE-2023-20747

MEDIUM

CVSS:4.4(Medium)

In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation...

CWE-8432023

CVE-2022-3903

MEDIUM

CVSS:4.6(Medium)

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to ...

CWE-8432022