We are on jenkins 2.491, is this version susceptible to CVE-2024-38821

we are on jenkins 2.491, is this version susceptible to CVE-2024-38821

As far as I can tell, Jenkins is not susceptible to CVE-2024-38821. The U.S. national vulnerability database entry says:

For this to impact an application, all of the following must be true:

  • It must be a WebFlux application
  • It must be using Spring’s static resources support
  • It must have a non-permitAll authorization rule applied to the static resources support

Jenkins is not a WebFlux application

yes thank you, just needed something in writing so our security team is happy
Govind