Lucene search
JenkinsCVELIST:CVE-2024-23899HistoryJan 24, 2024 - 5:52 p.m.
CVE-2024-23899
2024-01-2417:52:24
jenkins
www.cve.org
6
cve-2024-23899
git server
command parser
jenkins controller
file system
security vulnerability
permission bypass
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.
CNA Affected
[
{
"vendor": "Jenkins Project",
"product": "Jenkins Git server Plugin",
"versions": [
{
"version": "0",
"versionType": "maven",
"lessThanOrEqual": "99.va_0826a_b_cdfa_d",
"status": "affected"
}
],
"defaultStatus": "unaffected"
}
]Related
veracode
veracode
Arbitrary File Read
2024-01-29 09:10:15
cve
cve
CVE-2024-23899
2024-01-24 18:15:09
prion
prion
Double free
2024-01-24 18:15:00
nvd
nvd
CVE-2024-23899
2024-01-24 18:15:09
github
github
Arbitrary file read vulnerability in Git server Plugin can lead to RCE
2024-01-24 18:31:02
alpinelinux
alpinelinux
CVE-2024-23899
2024-01-24 18:15:09
osv
osv
Arbitrary file read vulnerability in Git server Plugin can lead to RCE
2024-01-24 18:31:02
redhatcve
redhatcve
CVE-2024-23899
2024-01-25 20:21:33
nessus
nessus
RHEL 8 : Red Hat Product OCP Tools 4.13 OpenShift Jenkins (RHSA-2024:3636)
2024-06-05 00:00:00
RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2024:3635)
2024-06-05 00:00:00
RHEL 8 : Red Hat Product OCP Tools 4.14 OpenShift Jenkins (RHSA-2024:3634)
2024-06-05 00:00:00
redhat
redhat
redos
redos
ROS-20240411-08
2024-04-11 00:00:00