Lucene search
JenkinsCVELIST:CVE-2024-23897HistoryJan 24, 2024 - 5:52 p.m.
CVE-2024-23897
2024-01-2417:52:22
jenkins
www.cve.org
cve-2024-23897
jenkins
cli parser
unauthenticated attackers
file system
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Jenkins",
"vendor": "Jenkins Project",
"versions": [
{
"lessThan": "1.606",
"status": "unaffected",
"version": "0",
"versionType": "maven"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "2.442",
"versionType": "maven"
},
{
"lessThan": "2.426.*",
"status": "unaffected",
"version": "2.426.3",
"versionType": "maven"
},
{
"lessThan": "2.440.*",
"status": "unaffected",
"version": "2.440.1",
"versionType": "maven"
}
]
}
]References
packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html
packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html
www.openwall.com/lists/oss-security/2024/01/24/6
www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/
Related
githubexploit
githubexploit
Exploit for CVE-2024-23897
2024-01-29 04:41:53
Exploit for CVE-2024-23897
2024-02-19 02:29:12
Exploit for CVE-2024-23897
2024-02-26 03:07:28
zdt
zdt
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read Exploit
2024-01-29 00:00:00
hivepro
hivepro
Critical Remote Code Execution Flaws Uncovered in Jenkins
2024-02-01 06:56:33
metasploit
metasploit
Jenkins cli Ampersand Replacement Arbitrary File Read
2024-01-30 22:12:10
github
github
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
2024-01-24 18:31:02
osv
osv
BIT-jenkins-2024-23897
2024-03-06 10:53:54
CVE-2024-23897
2024-01-24 18:15:09
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
2024-01-24 18:31:02
cve
cve
CVE-2024-23897
2024-01-24 18:15:09
cgr
cgr
CVE-2024-23897 vulnerabilities
2024-05-19 03:07:16
packetstorm
packetstorm
Jenkins 2.441 Local File Inclusion
2024-04-15 00:00:00
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read
2024-01-29 00:00:00
redhatcve
redhatcve
CVE-2024-23897
2024-01-25 20:21:50
alpinelinux
alpinelinux
CVE-2024-23897
2024-01-24 18:15:09
veracode
veracode
Arbitrary File Read
2024-01-31 06:55:39
prion
prion
Design/Logic Flaw
2024-01-24 18:15:00
trendmicroblog
trendmicroblog
Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk
2024-03-19 00:00:00
nvd
nvd
CVE-2024-23897
2024-01-24 18:15:09
wolfi
wolfi
CVE-2024-23897 vulnerabilities
2024-06-29 03:08:33
exploitdb
exploitdb
Jenkins 2.441 - Local File Inclusion
2024-04-15 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 04/05/2024
2024-04-05 18:59:29
freebsd
freebsd
jenkins -- multiple vulnerabilities
2024-01-24 00:00:00
nessus
nessus
Jenkins LTS < 2.426.3 / Jenkins weekly < 2.442 Multiple Vulnerabilities
2024-01-24 00:00:00
FreeBSD : jenkins -- multiple vulnerabilities (8b03d274-56ca-489e-821a-cf32f07643f0)
2024-01-25 00:00:00
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0776)
2024-04-28 00:00:00
kitploit
kitploit
CVE-2024-23897 - Jenkins <= 2.441 & <= LTS 2.426.2 PoC And Scanner
2024-02-25 11:30:00
thn
thn
Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!
2024-01-25 11:57:00
redhat
redhat
(RHSA-2024:0776) Important: jenkins and jenkins-2-plugins security update
2024-02-12 10:18:15
(RHSA-2024:0775) Important: jenkins and jenkins-2-plugins security update
2024-02-12 10:17:47
(RHSA-2024:0778) Important: Jenkins and Jenkins-2-plugins security update
2024-02-12 10:30:15
redos
redos
ROS-20240411-08
2024-04-11 00:00:00