We are on Jenkins 2.491. Is this version susceptible to CVE-2024-38821?
As far as I can tell, Jenkins is not susceptible to CVE-2024-38821. The U.S. national vulnerability database entry says:
For this to impact an application, all of the following must be true:
- It must be a WebFlux application
- It must be using Spring’s static resources support
- It must have a non-permitAll authorization rule applied to the static resources support
Jenkins is not a WebFlux application.
Yes, thank you, just needed something in writing so our security team is happy.
Govind