alpinelinux / Alpine Linux Development Team / ALPINE:CVE-2024-23898
History: Jan 24, 2024 - 6:15 p.m.

CVE-2024-23898

2024-01-24 18:15:09
Alpine Linux Development Team
security.alpinelinux.org
Tags: jenkins, cve-2024-23898, cswsh, websocket, cli, unix

AI Score: 7.5 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 30.5%)

Jenkins 2.217 through 2.441 and LTS 2.222.1 through 2.426.2 (both ranges inclusive) do not perform origin validation of requests made through the CLI WebSocket endpoint. This results in a cross-site WebSocket hijacking (CSWSH) vulnerability that allows attackers to execute CLI commands on the Jenkins controller.

OS      Version         Architecture  Package  Version        Filename
Alpine  edge-community  noarch        jenkins  = 2.440.2-r0   UNKNOWN
Alpine  3.19-community  noarch        jenkins  = 2.440.3-r0   UNKNOWN
