Lucene search

K
freebsdFreeBSD8B03D274-56CA-489E-821A-CF32F07643F0
HistoryJan 24, 2024 - 12:00 a.m.

jenkins -- multiple vulnerabilities

2024-01-2400:00:00
vuxml.freebsd.org
31
jenkins
vulnerabilities
arbitrary file read
rce
cross-site websocket hijacking
unix
security
advisory

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.961 High

EPSS

Percentile

99.5%

Jenkins Security Advisory:

Description
(Critical) SECURITY-3314 / CVE-2024-23897
Arbitrary file read vulnerability through the CLI can lead to RCE
Description
(High) SECURITY-3315 / CVE-2024-23898
Cross-site WebSocket hijacking vulnerability in the CLI

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchjenkins< 2.422UNKNOWN
FreeBSDanynoarchjenkins-lts< 2.426.3UNKNOWN

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.961 High

EPSS

Percentile

99.5%